Analysis Report https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe

Overview

General Information

Sample URL: https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe
Analysis ID: 336860

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Writes many files with high entropy
Adds / modifies Windows certificates
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables security privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file contains strange resources
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample searches for specific file, try point organization specific fake files to the analysis machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Startup

  • System is w10x64
  • cmd.exe (PID: 488 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 4120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 4228 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • SideQuest.exe (PID: 7096 cmdline: 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' MD5: 63573D4D9A8C29452F403D1550E5FE54)
    • SideQuest.exe (PID: 4276 cmdline: 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=gpu-process --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12728197902706830190 --mojo-platform-channel-handle=1628 --ignored=' --type=renderer ' /prefetch:2 MD5: 63573D4D9A8C29452F403D1550E5FE54)
    • SideQuest.exe (PID: 4000 cmdline: 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=utility --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=3526878006382652745 --mojo-platform-channel-handle=1944 /prefetch:8 MD5: 63573D4D9A8C29452F403D1550E5FE54)
    • SideQuest.exe (PID: 676 cmdline: 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18296386878395334769 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1 MD5: 63573D4D9A8C29452F403D1550E5FE54)
    • SideQuest.exe (PID: 6220 cmdline: 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --no-sandbox --no-zygote --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8579970539687415093 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1 MD5: 63573D4D9A8C29452F403D1550E5FE54)
    • adb.exe (PID: 3404 cmdline: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe start-server MD5: A6922D1B0CE58266497BA9DB1A35C900)
      • conhost.exe (PID: 6500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • adb.exe (PID: 4168 cmdline: adb -L tcp:5037 fork-server server --reply-fd 636 MD5: A6922D1B0CE58266497BA9DB1A35C900)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F41E0 EVP_des_ede3_cbc,CRYPTO_once,39_2_013F41E0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F31D0 EVP_DecryptInit_ex,EVP_CipherInit_ex,39_2_013F31D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FCDD0 EC_get_builtin_curves,CRYPTO_once,39_2_013FCDD0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_014099B0 RSA_free,CRYPTO_refcount_dec_and_test_zero,CRYPTO_free_ex_data,BN_MONT_CTX_free,BN_MONT_CTX_free,BN_MONT_CTX_free,39_2_014099B0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_015315A0 CRYPTO_get_ex_new_index,OPENSSL_malloc,CRYPTO_STATIC_MUTEX_lock_write,sk_new_null,sk_push,sk_num,ERR_put_error,ERR_put_error,OPENSSL_free,CRYPTO_STATIC_MUTEX_unlock_write,39_2_015315A0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FCDC0 EC_GROUP_set_point_conversion_form,abort,EC_get_builtin_curves,CRYPTO_once,39_2_013FCDC0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01514850 DSA_up_ref,CRYPTO_refcount_inc,39_2_01514850
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01532850 CRYPTO_STATIC_MUTEX_unlock_read,abort,39_2_01532850
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3C30 EVP_aes_256_ctr,CRYPTO_once,39_2_013F3C30
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01532870 CRYPTO_STATIC_MUTEX_unlock_write,abort,39_2_01532870
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01535C70 CRYPTO_STATIC_MUTEX_lock_read,CRYPTO_STATIC_MUTEX_unlock_read,39_2_01535C70
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3C10 EVP_aes_256_cbc,CRYPTO_once,39_2_013F3C10
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FA800 EC_GROUP_free,CRYPTO_refcount_dec_and_test_zero,OPENSSL_free,OPENSSL_free,OPENSSL_free,BN_MONT_CTX_free,39_2_013FA800
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FD400 EC_KEY_check_key,EC_GROUP_cmp,ERR_put_error,ERR_put_error,OPENSSL_malloc,EC_GROUP_cmp,ERR_put_error,ERR_put_error,BN_free,sk_pop_free_ex,OPENSSL_free,OPENSSL_free,EC_GROUP_free,OPENSSL_free,OPENSSL_malloc,CRYPTO_refcount_inc,memset,EC_POINT_cmp,ERR_put_error,ERR_put_error,39_2_013FD400
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01405000 CRYPTO_gcm128_aad,39_2_01405000
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01409800 RSA_new_method,OPENSSL_malloc,ENGINE_get_RSA_method,CRYPTO_once,CRYPTO_MUTEX_init,CRYPTO_new_ex_data,CRYPTO_free_ex_data,CRYPTO_MUTEX_cleanup,OPENSSL_free,ERR_put_error,39_2_01409800
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01532810 CRYPTO_STATIC_MUTEX_lock_read,abort,39_2_01532810
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3C70 EVP_aes_256_gcm,CRYPTO_once,39_2_013F3C70
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F5870 DES_ecb_encrypt,39_2_013F5870
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F7070 DES_ede2_cbc_encrypt,DES_ede3_cbc_encrypt,39_2_013F7070
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F7870 EVP_sha224,CRYPTO_once,39_2_013F7870
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01532830 CRYPTO_STATIC_MUTEX_lock_write,abort,39_2_01532830
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3C50 EVP_aes_256_ofb,CRYPTO_once,39_2_013F3C50
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F4050 EVP_aead_aes_256_gcm_tls13,CRYPTO_once,39_2_013F4050
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FAC50 EC_GROUP_new_by_curve_name,CRYPTO_once,CRYPTO_STATIC_MUTEX_lock_read,CRYPTO_STATIC_MUTEX_unlock_read,OPENSSL_malloc,BN_bin2bn,ERR_put_error,ERR_put_error,ERR_put_error,EC_GROUP_free,BN_free,sk_pop_free_ex,OPENSSL_free,OPENSSL_free,CRYPTO_STATIC_MUTEX_lock_write,OPENSSL_free,39_2_013FAC50
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FD040 EC_KEY_dup,EC_KEY_new_method,EC_GROUP_cmp,ERR_put_error,ERR_put_error,CRYPTO_refcount_inc,EC_KEY_set_public_key,EC_KEY_set_private_key,EC_KEY_free,39_2_013FD040
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3CB0 EVP_aes_192_ecb,CRYPTO_once,39_2_013F3CB0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_014060D0 CRYPTO_gcm128_encrypt_ctr32,39_2_014060D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01406CE0 CRYPTO_gcm128_finish,CRYPTO_memcmp,39_2_01406CE0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013D3090 EVP_PKEY_new_raw_private_key,OPENSSL_malloc,ERR_put_error,ERR_put_error,ERR_put_error,ERR_add_error_dataf,CRYPTO_refcount_dec_and_test_zero,OPENSSL_free,39_2_013D3090
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3C90 EVP_aes_128_ecb,CRYPTO_once,39_2_013F3C90
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FA890 EC_GROUP_set_generator,ERR_put_error,BN_num_bits,BN_new,BN_lshift1,BN_cmp,EC_POINT_new,EC_POINT_copy,BN_copy,ERR_put_error,EC_POINT_free,BN_free,BN_MONT_CTX_free,BN_MONT_CTX_new_for_modulus,BN_cmp,BN_sub,CRYPTO_refcount_dec_and_test_zero,39_2_013FA890
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F6C80 DES_ecb3_encrypt,DES_encrypt3,DES_decrypt3,39_2_013F6C80
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01404C80 CRYPTO_gcm128_setiv,39_2_01404C80
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01532890 CRYPTO_once,abort,39_2_01532890
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3CF0 EVP_aead_aes_128_gcm,CRYPTO_once,39_2_013F3CF0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F78F0 EVP_sha256,CRYPTO_once,39_2_013F78F0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FDCF0 EC_KEY_generate_key,BN_num_bits,ERR_put_error,OPENSSL_malloc,ERR_put_error,OPENSSL_malloc,CRYPTO_refcount_inc,memset,OPENSSL_free,EC_GROUP_free,OPENSSL_free,ERR_put_error,EC_GROUP_free,OPENSSL_free,OPENSSL_free,39_2_013FDCF0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013DDCE0 AES_ecb_encrypt,39_2_013DDCE0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_015328B0 CRYPTO_get_thread_local,abort,39_2_015328B0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013D94D0 AES_set_decrypt_key,39_2_013D94D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3CD0 EVP_aes_256_ecb,CRYPTO_once,39_2_013F3CD0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01409CB0 RSA_up_ref,CRYPTO_refcount_inc,39_2_01409CB0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013D58C0 X509_parse_from_buffer,CRYPTO_BUFFER_len,X509_it,ASN1_item_new,CRYPTO_BUFFER_data,CRYPTO_BUFFER_len,X509_it,ASN1_item_d2i,CRYPTO_BUFFER_data,CRYPTO_BUFFER_len,CRYPTO_BUFFER_up_ref,ERR_put_error,X509_it,ASN1_item_free,39_2_013D58C0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F38C0 EVP_EncryptInit,memset,EVP_CipherInit_ex,39_2_013F38C0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01521F50 CRYPTO_BUFFER_data,39_2_01521F50
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3B30 EVP_aes_128_ctr,CRYPTO_once,39_2_013F3B30
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3F30 EVP_aead_aes_256_gcm_tls12,CRYPTO_once,39_2_013F3F30
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F4330 EVP_des_ede3,CRYPTO_once,39_2_013F4330
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01531740 CRYPTO_free_ex_data,CRYPTO_STATIC_MUTEX_lock_read,sk_num,sk_dup,CRYPTO_STATIC_MUTEX_unlock_read,ERR_put_error,CRYPTO_STATIC_MUTEX_unlock_read,sk_num,sk_num,sk_value,sk_num,sk_value,sk_free,sk_free,39_2_01531740
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FAB20 EC_POINT_new,OPENSSL_malloc,CRYPTO_refcount_inc,memset,ERR_put_error,39_2_013FAB20
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013D7310 AES_set_encrypt_key,39_2_013D7310
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3B10 EVP_aes_128_cbc,CRYPTO_once,39_2_013F3B10
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01521F60 CRYPTO_BUFFER_len,39_2_01521F60
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3B70 EVP_aes_128_gcm,CRYPTO_once,39_2_013F3B70
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F7770 EVP_md5,CRYPTO_once,39_2_013F7770
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013DE760 AES_cfb128_encrypt,39_2_013DE760
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F5760 DES_decrypt3,39_2_013F5760
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01521F30 CRYPTO_BUFFER_up_ref,CRYPTO_refcount_inc,39_2_01521F30
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01531730 CRYPTO_new_ex_data,39_2_01531730
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3350 EVP_EncryptFinal_ex,memset,ERR_put_error,39_2_013F3350
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3B50 EVP_aes_128_ofb,CRYPTO_once,39_2_013F3B50
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3740 EVP_CIPHER_CTX_encrypting,39_2_013F3740
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3BB0 EVP_aes_192_ctr,CRYPTO_once,39_2_013F3BB0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013DE3A0 AES_ofb128_encrypt,39_2_013DE3A0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F43A0 EVP_des_ede3_ecb,CRYPTO_once,39_2_013F43A0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_014207E0 ERR_clear_error,CRYPTO_get_thread_local,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_malloc,memset,CRYPTO_set_thread_local,39_2_014207E0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013D6F90 AES_decrypt,39_2_013D6F90
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3B90 EVP_aes_192_cbc,CRYPTO_once,39_2_013F3B90
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_014087F0 RSA_padding_add_PKCS1_OAEP_mgf1,CRYPTO_once,ERR_put_error,EVP_Digest,memset,memcpy,OPENSSL_malloc,OPENSSL_free,39_2_014087F0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01420FF0 ERR_put_error,CRYPTO_get_thread_local,GetLastError,OPENSSL_free,OPENSSL_malloc,memset,CRYPTO_set_thread_local,39_2_01420FF0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FD380 EC_KEY_up_ref,CRYPTO_refcount_inc,39_2_013FD380
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FCF80 EC_KEY_free,CRYPTO_refcount_dec_and_test_zero,EC_GROUP_free,EC_GROUP_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,OPENSSL_free,CRYPTO_free_ex_data,39_2_013FCF80
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FDF80 EC_KEY_get_ex_new_index,CRYPTO_get_ex_new_index,39_2_013FDF80
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F33F0 EVP_DecryptUpdate,memcpy,EVP_EncryptUpdate,memcpy,39_2_013F33F0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3BF0 EVP_aes_192_gcm,CRYPTO_once,39_2_013F3BF0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F77F0 EVP_sha1,CRYPTO_once,39_2_013F77F0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FDFE0 EC_KEY_get_ex_data,CRYPTO_get_ex_data,39_2_013FDFE0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013DD3D0 AES_unwrap_key,memmove,CRYPTO_memcmp,39_2_013DD3D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3BD0 EVP_aes_192_ofb,CRYPTO_once,39_2_013F3BD0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FD7D0 EC_KEY_set_public_key_affine_coordinates,OPENSSL_malloc,CRYPTO_refcount_inc,memset,EC_POINT_set_affine_coordinates_GFp,EC_KEY_set_public_key,EC_KEY_check_key,EC_GROUP_free,OPENSSL_free,ERR_put_error,39_2_013FD7D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01532800 CRYPTO_MUTEX_cleanup,39_2_01532800
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3FC0 EVP_aead_aes_128_gcm_tls13,CRYPTO_once,39_2_013F3FC0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FDFC0 EC_KEY_set_ex_data,CRYPTO_set_ex_data,39_2_013FDFC0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013DD630 AES_unwrap_key_padded,memmove,CRYPTO_memcmp,39_2_013DD630
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F4620 DES_encrypt3,39_2_013F4620
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01531670 CRYPTO_set_ex_data,sk_new_null,sk_num,sk_push,sk_set,ERR_put_error,39_2_01531670
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013D5A10 X509_get_ex_data,CRYPTO_get_ex_data,39_2_013D5A10
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3210 EVP_EncryptUpdate,memcpy,memcpy,memcpy,39_2_013F3210
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3E10 EVP_aead_aes_256_gcm,CRYPTO_once,39_2_013F3E10
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01406E70 CRYPTO_gcm128_tag,CRYPTO_gcm128_finish,memcpy,39_2_01406E70
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F7A70 EVP_md5_sha1,CRYPTO_once,39_2_013F7A70
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FB270 EC_GROUP_dup,CRYPTO_refcount_inc,39_2_013FB270
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01421210 ERR_add_error_dataf,OPENSSL_malloc,BIO_vsnprintf,CRYPTO_get_thread_local,OPENSSL_free,OPENSSL_malloc,memset,CRYPTO_set_thread_local,OPENSSL_free,39_2_01421210
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3A60 CRYPTO_gcm128_init_key,memset,39_2_013F3A60
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F4250 EVP_des_ede_cbc,CRYPTO_once,39_2_013F4250
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3640 EVP_CipherUpdate,EVP_DecryptUpdate,39_2_013F3640
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FBA40 EC_POINT_dup,OPENSSL_malloc,CRYPTO_refcount_inc,memset,EC_GROUP_cmp,ERR_put_error,EC_GROUP_free,OPENSSL_free,ERR_put_error,memcpy,memcpy,memcpy,39_2_013FBA40
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FCE40 EC_KEY_new_method,OPENSSL_malloc,ENGINE_get_ECDSA_method,CRYPTO_new_ex_data,CRYPTO_free_ex_data,OPENSSL_free,ERR_put_error,39_2_013FCE40
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013FA6B0 EC_GROUP_new_curve_GFp,BN_num_bits,CRYPTO_once,OPENSSL_malloc,memset,ERR_put_error,OPENSSL_free,ERR_put_error,EC_GROUP_free,39_2_013FA6B0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_014066D0 CRYPTO_gcm128_decrypt_ctr32,39_2_014066D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F3EA0 EVP_aead_aes_128_gcm_tls12,CRYPTO_once,39_2_013F3EA0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_015316F0 CRYPTO_get_ex_data,sk_num,sk_value,39_2_015316F0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013D6290 AES_encrypt,39_2_013D6290
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_01425EF0 CRYPTO_memcmp,39_2_01425EF0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013E0280 BN_value_one,CRYPTO_once,39_2_013E0280
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F76F0 EVP_md4,CRYPTO_once,39_2_013F76F0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_014052A0 CRYPTO_gcm128_encrypt,39_2_014052A0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_015146B0 CRYPTO_refcount_inc,CRYPTO_STATIC_MUTEX_lock_write,CRYPTO_STATIC_MUTEX_unlock_write,39_2_015146B0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 39_2_013F42C0 EVP_des_ede,CRYPTO_once,39_2_013F42C0
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\4924ec51-3e48-5cb7-b145-2119467094c7
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\LICENSE.electron.txt
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\3rdpartylicenses.txt
Source: Binary string: libEGL.dll.pdbS source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: ffmpeg.dll.pdbP" source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: ffmpeg.dll.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: z:\development\usb\api\objfre_win7_x86\i386\AdbWinApi.pdb source: adb.exe
Source: Binary string: D3DCompiler_47.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: libEGL.dll.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: electron.exe.pdb source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmp
Source: Binary string: libGLESv2.dll.pdb, source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.369733463.0000000005720000.00000004.00000001.sdmp
Source: Binary string: libGLESv2.dll.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.369733463.0000000005720000.00000004.00000001.sdmp
Source: Binary string: z:\development\usb\winusb\objfre_win7_x86\i386\AdbWinUsbApi.pdb source: adb.exe
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_00406A15 FindFirstFileW,FindClose,16_2_00406A15
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_00406C25 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,16_2_00406C25
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_00402EAA FindFirstFileW,16_2_00402EAA
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: http://crbug.com/619103.Subsequence
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.certum.pl/ca.crl0h
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.comodoca.com/SecureCertificateServices.crl09
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.comodoca.com/TrustedCertificateServices.crl0:
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0;
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crl0;
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.entrust.net/rootca1.crl0;
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.geotrust.com/GeoTrustPCA-G3.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.geotrust.com/crls/gtglobal.crl04
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.geotrust.com/crls/secureca.crl0F
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.geotrust.com/crls/secureca.crl0N
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.globalsign.com/root.crl0V
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmp, SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.globalsign.net/root.crl0=
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot.crl0F
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-20
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.starfieldtech.com/sfroot-g2.crl0L
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.starfieldtech.com/sfroot.crl0L
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.startssl.com/sfsca.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.startssl.com/sfsca.crl0f
Source: SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.thawte.com/ThawtePCA-G3.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl.ws.symantec.com/universal-root.crl0
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crl
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crl0:
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crlom
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crlFr
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl04
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl&r
Source: wget.exe, 00000002.00000003.206566930.0000000002B0A000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl0L
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: wget.exe, 00000002.00000003.206554414.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl0L
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crlQMM
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crls1.wosign.com/ca1.crl0m
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crls1.wosign.com/ca1.crl0q
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only#
Source: adb.exeString found in binary or memory: http://developer.android.com/tools/device.html
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: http://exslt.org/common
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g.symcb.com/GeoTrustPCA-G3.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g.symcb.com/crls/gtglobal.crl0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g.symcb.com/crls/gtglobal.crl0.
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g.symcd.com0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g.symcd.com0L
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g1.symcb.com/GeoTrustPCA.crl0)
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g1.symcb.com/crls/gtglobal.crl0/
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g2.symcb.com0G
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://g2.symcb.com0L
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: http://https://.com
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: http://icl.com/saxon
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://isrg.trustid.ocsp.identrust.com0;
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: http://l.twimg.com/i/hpkp_report
Source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.369733463.0000000005720000.00000004.00000001.sdmpString found in binary or memory: http://llvm.org/):
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: http://narwhaljs.org)
Source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000000.324863227.0000000000409000.00000002.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error...
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://o.ss2.us/0
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com
Source: SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: wget.exe, 00000002.00000003.206576215.0000000002AF1000.00000004.00000001.sdmp, SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0M
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com5Ma
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.entrust.net00
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.entrust.net02
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.geotrust.com0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.geotrust.com0L
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr10
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.godaddy.com/02
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.godaddy.com/05
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.godaddy.com/0J
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.rootg2.amazontrust.com08
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.starfieldtech.com/08
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.starfieldtech.com/0;
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.startssl.com/ca0-
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.startssl.com/ca00
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.startssl.com00
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.thawte.com0;
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: http://ocsp.ws.symantec.com0k
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/4NeimX
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/4NeimXOrigin
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/4NeimXgetDescriptor(s)
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/4NeimXreadValue()
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/4NeimXrequestDevice()
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/4NeimXwriteValue()
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/7K7WLu
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/7K7WLu.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/7K7WLuThe
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/EuHzyv
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/HxfxSQ
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/HxfxSQOrigin
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/HxfxSQrequestDevice()
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/J6ASzs
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/J6ASzsBluetooth
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/LdLk22
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/LdLk22Empty
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/LdLk22Failed
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/Y0ZkNV).
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/rStTGz
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/xX8pDD
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/xX8pDDplay()
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/ximf56
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/ximf56Allow
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/yabPex
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://goo.gl/yabPexextra_keys_may_be_added_here.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://google-analytics.com/
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://google.com/pay
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://google.com/payhttps://android.com/payTESTTotal
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://googlevideo.com/
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://gvt1.com/
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://gvt2.com/
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://gvt6.com/
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://history.report-uri.com/r/d/ct/reportOnly
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://log.getdropbox.com/hpkp
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://log.getdropbox.com/hpkppn
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://log.getdropbox.com/log/expectct
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://matteomarescotti.report-uri.com/r/d/ct/reportOnly
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://mikewest.github.io/cors-rfc1918/
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.8.1/node-v12.8.1-headers.tar.gz
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.8.1/node-v12.8.1.tar.gz
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.8.1/node-v12.8.1.tar.gzhttps://nodejs.org/download/release/v
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.8.1/win-x64/node.lib
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://scotthelme.report-uri.com/r/d/ct/reportOnly
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmpString found in binary or memory: https://sectigo.com/CPS0D
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://ssl.gstatic.com/
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://tobiassachs.report-uri.com/r/d/ct/reportOnly
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://w3c.github.io/encrypted-media/#direct-individualization.
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-identifier)
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-permanent-
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://w3c.github.io/webauthn/#sec-assertion-privacy.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://w3c.github.io/webauthn/#sec-assertion-privacy.This
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://webrtc.org/web-apis/chrome/unified-plan/.
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://wicg.github.io/cors-rfc1918/
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.alphassl.com/repository/03
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/4510564810227712.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/4532810371039232
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5082396709879808
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5082396709879808BeforeUnloadNoGestureBlocked
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5088147346030592
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5088147346030592.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5138066234671104
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5148050062311424
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5148050062311424LitePageServedmailto;
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5527160148197376
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.The
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5633521622188032.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.NavigatorVibrate
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5654791610957824
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5669008342777856
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.Blocked
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5687444770914304
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5709390967472128
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5735596811091968
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillRedirectRequestWil
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5745543795965952
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5745543795965952blinkAddEventListenerAdded
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5749447073988608
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5749447073988608Added
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/6451284559265792
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/6708326821789696
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/%s
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/4964279606312960
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/5093566007214080
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/5637885046816768.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/5654810086866944
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/5851021045661696.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/5851021045661696.The
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/6107495151960064
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/6662647093133312
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.chromestatus.com/features/6680566019653632
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS
Source: wget.exe, 00000002.00000003.293980551.0000000002AF0000.00000004.00000001.sdmp, SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmp, SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: wget.exe, 00000002.00000003.293939674.0000000002AF8000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS=
Source: wget.exe, 00000002.00000003.294110309.0000000002AB8000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPSx
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.geotrust.com/resources/cps04
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.geotrust.com/resources/cps06
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.geotrust.com/resources/repository0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.globalsign.com/repository/03
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.google.
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.google./_/chrome/plus.google.cominbox.google.comdrive.google.comServiceWorker.DiskCache.
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://www.google.com/
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.google.com/speech-api/full-duplex/v1
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.google.com/speech-api/full-duplex/v1key=pair=output=pb&/down?speech_recognition_downstre
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocatemacAddresssignalStrengthchannelsignalToNoiseRatio
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.gstatic.com/securitykey/a/google.com/origins.json
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.gstatic.com/securitykey/origins.json
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpString found in binary or memory: https://www.gstatic.com/securitykey/origins.jsonhttps://www.gstatic.com/securitykey/a/google.com/ori
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.thawte.com/cps0
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.thawte.com/cps0)
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.thawte.com/cps02
Source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpString found in binary or memory: https://www.thawte.com/cps07
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/.
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_00404D2A GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 16_2_00404D2A
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_0040423E GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 16_2_0040423E
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Spam, unwanted Advertisements and Ransom Demands:

Writes many files with high entropy
Source: C:\Windows\SysWOW64\wget.exe File created: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe entropy: 7.999626739
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\app-64.7z entropy: 7.99986891439
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\Synth.png entropy: 7.99094046292
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\TopBack.png entropy: 7.992172694
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Bold.c0f1e4a4fdfb8048c72e.woff2 entropy: 7.99667559925
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Bold.eed9aab5449cc9c8430d.woff entropy: 7.99523953134
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Light.3c37aa69cd77e6a53a06.woff2 entropy: 7.99676386664
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Light.ea36cd9a0e9eee97012a.woff entropy: 7.99550893184
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Medium.1561b424aaef2f704bbd.woff2 entropy: 7.99654058175
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Medium.cf4d60bc0b1d4b231408.woff entropy: 7.99574300073
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Regular.3cf6adf61054c328b1b0.woff entropy: 7.9951569146
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Regular.5136cbe62a63604402f2.woff2 entropy: 7.99657346952
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Thin.1f35e6a11d27d2e10d28.woff2 entropy: 7.99634995711
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Thin.44b78f142603eb69f593.woff entropy: 7.99490871522
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\TopBack.945625bb1bad519c66d7.png entropy: 7.992172694
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icon.icns entropy: 7.99079002382
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\sidequest-updater\installer.exe entropy: 7.999626739
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe File created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy.zip entropy: 7.99770763267
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 entropy: 7.99479785573
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeCode function: 16_2_032710D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,16_2_032710D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 37_2_70985492: DeviceIoControl,37_2_70985492
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeCode function: 16_2_004039ED EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,16_2_004039ED
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Process token adjusted: Security
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: String function: 00406AF2 appears 59 times
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: String function: 01425D90 appears 32 times
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: String function: 01532890 appears 76 times
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: String function: 70988D28 appears 37 times
Source: SideQuest-Setup-0.10.18-x64-win.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Section loaded: twinapi.dll
Source: classification engine Classification label: sus36.rans.evad.win@24/271@0/22
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeCode function: 16_2_004039ED EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,16_2_004039ED
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeCode function: 16_2_0040423E GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,16_2_0040423E
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeCode function: 16_2_004024EA CoCreateInstance,16_2_004024EA
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Mutant created: \Sessions\1\BaseNamedObjects\4924ec51-3e48-5cb7-b145-2119467094c7
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\AtomProcessSingletonStartup!
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4120:120:WilError_01
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File created: C:\Users\user\AppData\Local\Temp\nsw49E2.tmp
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: adb.exe String found in binary or memory: external/boringssl/src/crypto/fipsmodule/bn/add.c
Source: adb.exe String found in binary or memory: irectory, the bug report is saved in that directory. devices that don't support zipped bug reports output to stdout. jdwp list pids of processes hosting a JDWP transport logcat show device log (logcat --help for mor
Source: adb.exe String found in binary or memory: rescue-install
Source: adb.exe String found in binary or memory: adb: connect error for install-add-session: %s
Source: adb.exe String found in binary or memory: install-add-session
Source: adb.exe String found in binary or memory: --help
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe' > cmdline.out 2>&1
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe'
Source: unknownProcess created: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe 'C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=gpu-process --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12728197902706830190 --mojo-platform-channel-handle=1628 --ignored=' --type=renderer ' /prefetch:2
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=utility --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=3526878006382652745 --mojo-platform-channel-handle=1944 /prefetch:8
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18296386878395334769 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --no-sandbox --no-zygote --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8579970539687415093 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
Source: unknownProcess created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe start-server
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe adb -L tcp:5037 fork-server server --reply-fd 636
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe' Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=gpu-process --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12728197902706830190 --mojo-platform-channel-handle=1628 --ignored=' --type=renderer ' /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=utility --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=3526878006382652745 --mojo-platform-channel-handle=1944 /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18296386878395334769 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --no-sandbox --no-zygote --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8579970539687415093 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe start-serverJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeProcess created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe adb -L tcp:5037 fork-server server --reply-fd 636
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Automated click: Next >
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Automated click: Install
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\4924ec51-3e48-5cb7-b145-2119467094c7
Source: Binary string: libEGL.dll.pdbS source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: ffmpeg.dll.pdbP" source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: ffmpeg.dll.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: z:\development\usb\api\objfre_win7_x86\i386\AdbWinApi.pdb source: adb.exe
Source: Binary string: D3DCompiler_47.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: libEGL.dll.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: `OTHER`TEMP`PACKED<%s return value>internal error: failed to write debug data to pdb streaminternal error: failed to add section contributioninternal warning: PDB Error string is "%S"internal error: failed to close debug infointernal error: failed to close PDBinternal error: failed to open PDB for writing in streaminternal error: failed to create debug info in PDBinternal error: failed to add code section to debug infointernal error: failed to add module to debug infointernal error: failed to create type info in PDBinternal error: failed to create inline type info in PDBinternal error: failed to create source file store in PDBinternal error: failed to close source file store in PDBinternal error: failed to close module in debug infointernal error: failed to commit type info in PDBinternal error: failed to commit inline type info in PDBinternal error: failed to add section header to debug infointernal error: failed to append section header to pdbinternal error: failed to close section header in debug infointernal error: failed to close debug info in PDBinternal error: failed to commit PDBinternal error: PDB data too largeinternal error: PDB stream truncatedinternal error: failed to close source file storeinternal error: failed to close type infointernal error: pdb append failedfxl_4_0too many arguments to target TXtoo many outputs to target TXclip not supported in texture shadersinvalid reference to input semantic '%s%d'invalid reference to output semantic '%s%d'0123456789abcdef.pdbVPosSV_ViewportArrayIndexColorFailed to log error, redirecting to debug output: source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp
Source: Binary string: electron.exe.pdb source: SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmp
Source: Binary string: libGLESv2.dll.pdb, source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.369733463.0000000005720000.00000004.00000001.sdmp
Source: Binary string: libGLESv2.dll.pdb source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.369733463.0000000005720000.00000004.00000001.sdmp
Source: Binary string: z:\development\usb\winusb\objfre_win7_x86\i386\AdbWinUsbApi.pdb source: adb.exe
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeCode function: 16_2_032710D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,16_2_032710D0
Source: System.dll.16.dr Static PE information: real checksum: 0x0 should be: 0xe5c7
Source: SideQuest-Setup-0.10.18-x64-win.exe.2.dr Static PE information: real checksum: 0x39a6ce6 should be:
Source: UAC.dll.16.dr Static PE information: real checksum: 0x0 should be: 0xde12
Source: adb.exe.35.dr Static PE information: section name: .buildid
Source: adb.exe.35.dr Static PE information: section name: .gcc_exc
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: 37_2_70434885 push ecx; ret 37_2_70434898
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: 37_2_704349B5 push ecx; ret 37_2_704349C8
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: 37_2_709880B4 push ecx; ret 37_2_709880C7
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: 37_2_70988D6D push ecx; ret 37_2_70988D80
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: 39_2_01421210 push eax; mov dword ptr [esp], 00000000h 39_2_01421214
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\make_f2fs.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avutil-56.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avformat-58.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\etc1tool.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\dmtracedump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\dmtracedump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\sqlite3.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\AdbWinApi.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\swiftshader\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\UAC.dllJump to dropped file
Source: C:\Windows\SysWOW64\wget.exeFile created: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\fastboot.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\etc1tool.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\AdbWinApi.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\mke2fs.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\nsProcess.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\hprof-conv.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\swresample-3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\adb.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\libwinpthread-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\AdbWinUsbApi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\hprof-conv.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\mke2fs.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\WinShell.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\swscale-5.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\swiftshader\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\adb.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\sqlite3.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\scrcpy-noconsole.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\fastboot.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\libwinpthread-1.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\Uninstall SideQuest.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\AdbWinUsbApi.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\AdbWinUsbApi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\make_f2fs.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\SDL2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\AdbWinApi.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\sidequest-updater\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avcodec-58.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile created: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\scrcpy.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\3rdpartylicenses.txtJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SideQuest.lnkJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\make_f2fs.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\libwinpthread-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avutil-56.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\hprof-conv.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avformat-58.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\etc1tool.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\dmtracedump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\mke2fs.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\dmtracedump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\sqlite3.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\swscale-5.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\sqlite3.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\fastboot.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\etc1tool.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\scrcpy-noconsole.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\mke2fs.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\fastboot.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\libwinpthread-1.dllJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\hprof-conv.exeJump to dropped file
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SideQuest\Uninstall SideQuest.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\swresample-3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\make_f2fs.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\SDL2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\adb.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avcodec-58.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\SideQuest\scrcpy\scrcpy.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_37-20650
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe API coverage: 2.2 %
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe API coverage: 0.6 %
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe TID: 2000 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe TID: 5748 Thread sleep time: -220000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\00000409
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile Volume queried: C:\Users\user\AppData\Local\Programs FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile Volume queried: C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile Volume queried: C:\Users\user\AppData\Roaming\SideQuest\blob_storage\3323e1c4-dbc4-4423-a722-00be5af63380 FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeFile Volume queried: C:\Users\user\AppData\Roaming\SideQuest\Cache FullSizeInformation
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_00406A15 FindFirstFileW,FindClose, 16_2_00406A15
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_00406C25 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 16_2_00406C25
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Code function: 16_2_00402EAA FindFirstFileW, 16_2_00402EAA
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: 37_2_7043564A __get_wpgmptr,VirtualQuery,GetSystemInfo,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect, 37_2_7043564A
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile opened: C:\Users\user\AppData\Local\Programs\SideQuest\resourcesJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\appJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpackedJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\buildJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\imagesJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeFile opened: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assetsJump to behavior
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: VMware, Inc.
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: VMware Inc.
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.VMware Inc.Olimex Ltd.
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: Qemu Audio Device
Source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga2
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: SideQuest-Setup-0.10.18-x64-win.exe, 00000010.00000003.356963592.0000000005920000.00000004.00000001.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: VMware can crash with older drivers and WebGL content
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeAPI call chain: ExitProcess graph end nodegraph_37-20651
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exeCode function: 16_2_032710D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,16_2_032710D0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 37_2_7043A70A _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind,37_2_7043A70A
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 37_2_704347BF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,37_2_704347BF
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 37_2_7098F063 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,37_2_7098F063
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exeCode function: 37_2_70987FB3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,37_2_70987FB3
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeProcess created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=gpu-process --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12728197902706830190 --mojo-platform-channel-handle=1628 --ignored=' --type=renderer ' /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=utility --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=3526878006382652745 --mojo-platform-channel-handle=1944 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18296386878395334769 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --no-sandbox --no-zygote --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8579970539687415093 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Process created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe start-server
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Process created: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe adb -L tcp:5037 fork-server server --reply-fd 636
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=gpu-process --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12728197902706830190 --mojo-platform-channel-handle=1628 --ignored=' --type=renderer ' /prefetch:2
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=utility --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=3526878006382652745 --mojo-platform-channel-handle=1944 /prefetch:8
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18296386878395334769 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --no-sandbox --no-zygote --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8579970539687415093 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Process created: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe 'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=gpu-process --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12728197902706830190 --mojo-platform-channel-handle=1628 --ignored=' --type=renderer ' /prefetch:2
Source: SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmp Binary or memory string: WindowCapturerWin::CaptureFrame../../third_party/webrtc/modules/desktop_capture/window_capturer_win.ccWindow hasn't been selected: target window has been closedFailed to get drawable window area: Failed to get window DC: Failed to create frame.Both PrintWindow() and BitBlt() failed.Capturing owned window failed (previous error/warning pertained to that)SysShadowProgmanApplicationFrameWindowWindows.UI.Core.CoreWindow../../third_party/webrtc/modules/desktop_capture/win/dxgi_frame.ccDxgiFrame cannot create a new DesktopFrame.../../third_party/webrtc/modules/desktop_capture/win/dxgi_adapter_duplicator.ccIDXGIAdapter::EnumOutputs returns NOT_CURRENTLY_AVAILABLE. This may happen when running in session 0.IDXGIAdapter::EnumOutputs returns an unexpected result with error codeFailed to convert IDXGIOutput to IDXGIOutput1, this usually means the system does not support DirectX 11Failed to initialize DxgiOutputDuplicator on output Attached output ) is ignored.Failed to get output description of device , ignore.Cannot initialize any DxgiOutputDuplicator instance.
Source: SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd0
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: GetLocaleInfoA,37_2_7043BA50
Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe Code function: GetLocaleInfoA,37_2_7099168F
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Local\Programs VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Local\Programs\SideQuest VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Local\Programs\SideQuest\resources VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Roaming\SideQuest\Local Storage\leveldb\MANIFEST-000001 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app-update.yml VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Roaming\SideQuest VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Roaming\SideQuest\scrcpy VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Roaming\SideQuest\scrcpy.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Users\user\AppData\Roaming\SideQuest\Session Storage\MANIFEST-000001 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
  • Queries volume information: C:\ VolumeInformation
  • Queries volume information: C:\Users VolumeInformation
  • Queries volume information: C:\Users\user VolumeInformation
  • Queries volume information: C:\Users\user\AppData VolumeInformation
  • Queries volume information: C:\Users\user\AppData\Local VolumeInformation
  • Queries volume information: C:\Users\user\AppData\Local\Programs VolumeInformation
  • Queries volume information: C:\Users\user\AppData\Local\Programs\SideQuest VolumeInformation
  • Queries volume information: C:\Users\user\AppData\Local\Programs\SideQuest\resources VolumeInformation
  • Queries volume information: C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar VolumeInformation
  • Queries volume information: C:\Users\user\AppData\Roaming\SideQuest VolumeInformation
  • Queries volume information: C:\Users\user\AppData\Roaming\SideQuest\scrcpy.zip VolumeInformation

Source: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
  • Code function: 37_2_013611E0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,37_2_013611E0

Source: C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
  • Code function: 16_2_004039ED EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,16_2_004039ED

Source: C:\Windows\SysWOW64\wget.exe
  • Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
  • Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Command and Scripting Interpreter 12 | Windows Service 1 | Access Token Manipulation 1 | Masquerading 1 | Input Capture 21 | System Time Discovery 1 | Remote Services | Input Capture 21 | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1 |
| Default Accounts | Native API 2 | Registry Run Keys / Startup Folder 1 | Windows Service 1 | Virtualization/Sandbox Evasion 2 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | DLL Side-Loading 1 | Process Injection 12 | Disable or Modify Tools 1 | Security Account Manager | Security Software Discovery 11 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder 1 | Access Token Manipulation 1 | NTDS | Virtualization/Sandbox Evasion 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | DLL Side-Loading 1 | Process Injection 12 | LSA Secrets | Process Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 2 | DCSync | File and Directory Discovery 3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading 1 | Proc Filesystem | System Information Discovery 37 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |

Behavior Graph

behaviorgraph top1 process2 2 Behavior Graph ID: 336860 URL: https://github.com/SideQues... Startdate: 07/01/2021 Architecture: WINDOWS Score: 36 6 SideQuest-Setup-0.10.18-x64-win.exe 13 232 2->6         started        10 SideQuest.exe 3 58 2->10         started        13 cmd.exe 2 2->13         started        dnsIp3 46 C:\Users\user\AppData\Local\...\installer.exe, PE32 6->46 dropped 48 C:\Users\user\AppData\Local\...\SideQuest.exe, PE32+ 6->48 dropped 50 C:\Users\user\AppData\Local\...\app-64.7z, 7-zip 6->50 dropped 58 41 other files (15 malicious) 6->58 dropped 82 Writes many files with high entropy 6->82 62 52.216.205.163 AMAZON-02US United States 10->62 64 127.0.0.1 unknown unknown 10->64 66 192.168.2.1 unknown unknown 10->66 52 C:\Users\user\AppData\Roaming\...\scrcpy.zip, Zip 10->52 dropped 54 C:\Users\user\AppData\...\swscale-5.dll, PE32+ 10->54 dropped 56 C:\Users\user\AppData\...\swresample-3.dll, PE32+ 10->56 dropped 60 9 other files (none is malicious) 10->60 dropped 15 SideQuest.exe 10->15         started        19 SideQuest.exe 10->19         started        21 adb.exe 10->21         started        28 2 other processes 10->28 23 wget.exe 3 13->23         started        26 conhost.exe 13->26         started        file4 signatures5 process6 dnsIp7 68 78.159.97.6 LEASEWEB-DE-FRA-10DE Germany 15->68 70 172.217.168.3 GOOGLEUS United States 15->70 80 13 other IPs or domains 15->80 34 C:\Users\...\77EC63BDA74BD0D0E0426DC8F8008506, Microsoft 15->34 dropped 72 185.199.109.153 FASTLYUS Netherlands 19->72 36 C:\Users\user\AppData\Roaming\...\sqlite3.exe, PE32 19->36 dropped 38 C:\Users\user\AppData\Roaming\...\mke2fs.exe, PE32 19->38 dropped 40 C:\Users\user\AppData\...\make_f2fs.exe, PE32 19->40 dropped 44 8 other files (none is malicious) 19->44 dropped 30 conhost.exe 21->30         started        32 adb.exe 21->32         started        74 8.8.8.8 GOOGLEUS United States 23->74 76 140.82.121.3 GITHUBUS United States 23->76 78 52.216.178.91 AMAZON-02US United 
States 23->78 42 C:\...\SideQuest-Setup-0.10.18-x64-win.exe, PE32 23->42 dropped 84 Writes many files with high entropy 23->84 file8 signatures9 process10

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe | 0% | Virustotal | | Browse |
| https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe | 0% | Avira URL Cloud | safe | |

Dropped Files

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\SideQuest\Uninstall SideQuest.exe | 2% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\SideQuest\d3dcompiler_47.dll | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Programs\SideQuest\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\SideQuest\ffmpeg.dll | 0% | Metadefender | | Browse |
| C:\Users\user\AppData\Local\Programs\SideQuest\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\SideQuest\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\SideQuest\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\AdbWinApi.dll | 2% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\AdbWinUsbApi.dll | 0% | ReversingLabs | | |

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://www.startssl.com/policy.pdf04 | 0% | Virustotal | | Browse |
| http://www.startssl.com/policy.pdf04 | 0% | Avira URL Cloud | safe | |
| http://crbug.com/619103.Subsequence | 0% | Avira URL Cloud | safe | |
| https://crbug.com/680046) | 0% | Avira URL Cloud | safe | |
| https://dns11.quad9.net/dns-query | 0% | Virustotal | | Browse |
| https://dns11.quad9.net/dns-query | 0% | Avira URL Cloud | safe | |
| https://crbug.com/680046).pS?v | 0% | Avira URL Cloud | safe | |
| http://unisolated.invalid | 0% | Avira URL Cloud | safe | |
| https://crbug.com/979235. | 0% | Avira URL Cloud | safe | |
| https://crbug.com/981419 | 0% | Avira URL Cloud | safe | |
| http://crbug.com/619103. | 0% | Avira URL Cloud | safe | |
| http://exslt.org/common | 0% | Avira URL Cloud | safe | |
| http://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html | 0% | Avira URL Cloud | safe | |
| http://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalformed | 0% | Avira URL Cloud | safe | |
| http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe | |
| http://www.startssl.com/policy0 | 0% | URL Reputation | safe | |
| http://narwhaljs.org) | 0% | Avira URL Cloud | safe | |
| https://crbug.com/954323Blink.VisibleLoadTime.LazyLoadImages.AboveTheFold.Slow2GBlink.VisibleLoadTim | 0% | Avira URL Cloud | safe | |
| http://crl.rootg2.amazontrust.com/rootg2.crl0 | 0% | URL Reputation | safe | |
| http://report-example.test/test | 0% | Avira URL Cloud | safe | |
| http://crbug.com/490015 | 0% | Avira URL Cloud | safe | |
| http://www.jclark.com/xt | 0% | Avira URL Cloud | safe | |
| http://www.startssl.com/sfsca.crl0 | 0% | Avira URL Cloud | safe | |
| http://icl.com/saxon | 0% | Avira URL Cloud | safe | |
| http://aia.startssl.com/certs/ca.crt02 | 0% | Avira URL Cloud | safe | |
| http://wpad/wpad.dat../../net/proxy_resolution/pac_file_decider.ccDoWaitDoQuickCheck | 0% | Avira URL Cloud | safe | |
| https://crbug.com/824647 | 0% | Avira URL Cloud | safe | |
| http://html4/loose.dtd | 0% | Avira URL Cloud | safe | |
| https://w3c.github.io/encrypted-media/#direct-individualization. | 0% | Avira URL Cloud | safe | |
| http://ocsp.sectigo.com0 | 0% | URL Reputation | safe | |
| https://beacons.gcp.gvt2.com/domainreliability/upload | 0% | Avira URL Cloud | safe | |
| https://crbug.com/954323An | 0% | Avira URL Cloud | safe | |
| https://chrome-devtools-frontend.appspot.com/%s%s/%s/P | 0% | Avira URL Cloud | safe | |
| https://dns.google/dns-query | 0% | Avira URL Cloud | safe | |
| http://.css | 0% | Avira URL Cloud | safe | |
| http://ocsp.thawte.com0; | 0% | Avira URL Cloud | safe | |
| https://heycam.github.io/webidl/#es-interfaces | 0% | Avira URL Cloud | safe | |
| https://wicg.github.io/cors-rfc1918/ | 0% | Avira URL Cloud | safe | |
| http://subca.ocsp-certum.com0. | 0% | URL Reputation | safe | |
| https://chrome-devtools-frontend.appspot.com/ | 0% | Avira URL Cloud | safe | |

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                      unknown
                                                                                                      https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.chromestatus.com/feature/5629582019395584.TheSideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpfalse
                                                                                                          high
                                                                                                          https://chrome-devtools-frontend.appspot.com/%s%s/%s/PSideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://aia1.wosign.com/ca1-class3-server.cer0SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpfalse
                                                                                                            high
                                                                                                            https://dns.google/dns-querySideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://.cssSideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            low
                                                                                                            http://ocsp.thawte.com0;SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            low
                                                                                                            https://heycam.github.io/webidl/#es-interfacesSideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://wicg.github.io/cors-rfc1918/SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://subca.ocsp-certum.com0.SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.chromestatus.com/feature/6708326821789696SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.chromestatus.com/feature/5644273861001216.NavigatorVibrateSideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.chromestatus.com/features/6662647093133312SideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.wosign.com/policy/0SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://chrome-devtools-frontend.appspot.com/SideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://goo.gl/4NeimXOriginSideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://crl.entrust.net/g2ca.crl0;SideQuest.exe, 00000014.00000000.453438883.00007FF678DFA000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.519373896.00007FF678DFA000.00000002.00020000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillRedirectRequestWilSideQuest.exe, 00000014.00000000.450002581.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001A.00000000.515979863.00007FF677EC2000.00000002.00020000.sdmp, SideQuest.exe, 0000001C.00000000.590677477.00007FF677EC2000.00000002.00020000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github-production-release-asset-2e65be.s3.amazonaws.com/254852798/66286400-1a24-11eb-8bb4-76wget.exe, 00000002.00000003.206554414.0000000002AF8000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            https://url.spec.whatwg.org/#urlsearchparamsSideQuest.exe, 00000014.00000000.450833631.00007FF67847A000.00000002.00020000.sdmpfalse
                                                                                                                              high

                                                                                                                              Contacted IPs


                                                                                                                              Public


                                                                                                                              Private

                                                                                                                              IP
                                                                                                                              192.168.2.1
                                                                                                                              127.0.0.1

                                                                                                                              General Information

                                                                                                                              Joe Sandbox Version:31.0.0 Red Diamond
                                                                                                                              Analysis ID:336860
                                                                                                                              Start date:07.01.2021
                                                                                                                              Start time:03:38:58
                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                              Overall analysis duration:0h 19m 22s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:urldownload.jbs
                                                                                                                              Sample URL:https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                              Number of analysed new started processes analysed:40
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • HDC enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Detection:SUS
                                                                                                                              Classification:sus36.rans.evad.win@24/271@0/22
                                                                                                                              EGA Information:
                                                                                                                              • Successful, ratio: 100%
                                                                                                                              HDC Information:
                                                                                                                              • Successful, ratio: 55.3% (good quality ratio 54.1%)
                                                                                                                              • Quality average: 82.7%
                                                                                                                              • Quality standard deviation: 24.9%
                                                                                                                              HCA Information:Failed
                                                                                                                              Cookbook Comments:
                                                                                                                              • Adjust boot time
                                                                                                                              • Enable AMSI
                                                                                                                              Warnings:
                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                              Simulations

                                                                                                                              Behavior and APIs

Time | Type | Description
03:43:58 | API Interceptor | 2x Sleep call for process: SideQuest.exe modified

                                                                                                                              Joe Sandbox View / Context

                                                                                                                              IPs

                                                                                                                              No context

                                                                                                                              Domains

                                                                                                                              No context

                                                                                                                              ASN

                                                                                                                              No context

                                                                                                                              JA3 Fingerprints

                                                                                                                              No context

                                                                                                                              Dropped Files

                                                                                                                              No context

                                                                                                                              Created / dropped Files

                                                                                                                              C:\Users\user\.android\adbkey
                                                                                                                              Process:C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1732
                                                                                                                              Entropy (8bit):6.046895217785955
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:LrjWMS8cs0r74vPcR1QvHMPuK9+pp8EGCAgS/L4q4Y:LrrcsB3czcuuKSGn1gSj4w
                                                                                                                              MD5:99CF58C3D22E9E513DA1428FAD500EA5
                                                                                                                              SHA1:A9B932F9B5C8AB7665F63AD5D6BED128765C6F58
                                                                                                                              SHA-256:F6E4571325922EBA3E80FE28530218E843327104BC1FF8FF9190E357FCC6780A
                                                                                                                              SHA-512:69AF6CAA7367ADAE98C8C438BA8088109A02E7705FEFC264E7E7F6B1D9A39728FFC3AE3895E20D32C25D28C946529181443692BDCF11394CE25234C184FFC8DB
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\.android\adbkey.pub
                                                                                                                              Process:C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
                                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):709
                                                                                                                              Entropy (8bit):5.965518152734191
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:TigJBg4vWjkv4vvjHh1S85zfB6UxATsqCfoNXsUaLL3/i6rZzuRjIsAvpgA/3rV0:2oJ+j24XjHPV6MAT7Cf1rLDjZza84A/+
                                                                                                                              MD5:D87E79310FCCD4A0E11E154A15A21D32
                                                                                                                              SHA1:6946C87A9DCDB42249C19496A025259AB3441936
                                                                                                                              SHA-256:9C0C59963DCDAEEFA45894742EC0E33436617B799A74F6A2F0CCEC0A757F4872
                                                                                                                              SHA-512:8007FB1D58DD8090285401365AAFF7C825255CDC8D099FD124AD57279852C48C641771A6566813DA639A344E672E4B0CF47EE25C90BC25DFCED76394B214680B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Microsoft Cabinet archive data, 58936 bytes, 1 file
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):58936
                                                                                                                              Entropy (8bit):7.994797855729196
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
                                                                                                                              MD5:E4F1E21910443409E81E5B55DC8DE774
                                                                                                                              SHA1:EC0885660BD216D0CDD5E6762B2F595376995BD0
                                                                                                                              SHA-256:CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
                                                                                                                              SHA-512:2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):471
                                                                                                                              Entropy (8bit):7.173714138462907
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:JY03G5FZJ910ImaohCM5wW2OXBODR2kev4Is6qc:JY023ZpmjYM5vBOckRc
                                                                                                                              MD5:9A1BCCC377FDFDA5C102551366D72A08
                                                                                                                              SHA1:78006CEC9E08B02286167A88ADDEAA8E855BDBE5
                                                                                                                              SHA-256:EAD41D5EF14C0D083A8DD320C286E643150614C0B46324D474D413BA75393529
                                                                                                                              SHA-512:3C65BD4EE815C7180B9F1E2483B4350E2DDF8D7148C438087928E108E75B045FFE75433E0DEB2A2C48E46418AB2202DBD64707225FF34E8C6968ABE942EA09F1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):326
                                                                                                                              Entropy (8bit):3.1121144470001534
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:kKHFkswwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:dWkPlE99SNxAhUegeT2
                                                                                                                              MD5:B83BDC301D5BC8EBD4D41B7AF74FDAA0
                                                                                                                              SHA1:F60DF4CF8D20BE654A40E583B116D8F1DECCC339
                                                                                                                              SHA-256:61323775F7C65EF00E471B44ABA583E0808C34CA9F64A05F88AA9463D434EDFE
                                                                                                                              SHA-512:8E1C0840771881D8283AB31B747EE85AAADB2602737AA1759667C5B03685F70D7B51F1BB57D255454503DF7F71CC87C1108333A6DAC0C171EA2EB848158ACC9F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: p...... .........*.u....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...
                                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):860
                                                                                                                              Entropy (8bit):3.805412660373614
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:FInmxMiv8sF1JbqDkwJr0yrxdXIKImxMiv8sF1JbqDkwJr0yrxdp:FInmxxvnFqYwJjIKImxxvnFqYwJl
                                                                                                                              MD5:EA3C3308445D4A279DF657009E1452D9
                                                                                                                              SHA1:A8442E276337099E0EEC9F9E6DADDA2422992E1E
                                                                                                                              SHA-256:5E857493EBFA5B1A26D352B52E1FFBA310AD84A2AC4D8E971AB32FCE147592F1
                                                                                                                              SHA-512:EEEA281FC3FD697F52696BF9854EBC4D3C10504C94B1FC42DDC1CC28AA486CC81F950D662D0B65CAB2272551709C4B8D2FEC2DC4B69AEE17D88D235FC6C001D8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: p...... .........m.b....(....................................................... ........zT......Q..................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.q.h.L.j.K.L.E.J.Q.Z.P.i.n.0.K.C.z.k.d.A.Q.p.V.Y.o.w.Q.U.s.T.7.D.a.Q.P.4.v.0.c.B.1.J.g.m.G.g.g.C.7.2.N.k.K.8.M.C.E.A.x.5.q.U.S.w.j.B.G.V.I.J.J.h.X.%.2.B.J.r.H.Y.M.%.3.D...".5.f.f.5.0.c.4.4.-.1.d.7."...p...... .........m.b....(.................:......gc......................gc.... ........zT......Q..................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.q.h.L.j.K.L.E.J.Q.Z.P.i.n.0.K.C.z.k.d.A.Q.p.V.Y.o.w.Q.U.s.T.7.D.a.Q.P.4.v.0.c.B.1.J.g.m.G.g.g.C.7.2.N.k.K.8.M.C.E.A.x.5.q.U.S.w.j.B.G.V.I.J.J.h.X.%.2.B.J.r.H.Y.M.%.3.D...".5.f.f.5.0.c.4.4.-.1.d.7."...
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\LICENSE.electron.txt
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1060
                                                                                                                              Entropy (8bit):5.127745905239685
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:lDiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:lDiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                              MD5:F8436F54558748146EC7EBD61CA6AC38
                                                                                                                              SHA1:EF226E5B023D458EFCDC59DC653694D89802F81C
                                                                                                                              SHA-256:34F6F27C26D1BB8682EBB42AE401F558228FD608455BD7C6561D5FD500B7D05B
                                                                                                                              SHA-512:5B310B48BBEE286F03E645E4BFAD0EC870A7C68C445D54F46F3EAAA9C427F9DE6CD0561D451838BD53C78A5289E9F0BDA19CDA4257A4657580AFA6C357913050
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: Copyright (c) 2013-2019 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION.WITH
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\LICENSES.chromium.html
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4723060
                                                                                                                              Entropy (8bit):4.895382261104505
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:3sOBLmnLiLxsmrwrDK7qcj/kUg7wWnQJ8um:cGLmLAKUuObjhJ6
                                                                                                                              MD5:C91C1D7D87F2EC9AEC7EFA9D34808000
                                                                                                                              SHA1:5325EEB991FB27FCB8640AC3B272AB387A884EB4
                                                                                                                              SHA-256:67885E1586ECF0354E79467340CEBE4D977B8DDCB432F7E832008B4FF3C8A1FF
                                                                                                                              SHA-512:6DC0E6518CC682E26572FCC4627AD2A5A616931B4F9FC328A12272876E9139CEEFA8BB8164984DE6F574E8D76952CF206C79F1AF6C9E75EAFD92A37619A9D735
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<style>..body {.. background-color: white;.. font-size: 84%;.. max-width: 1020px;..}...page-title {.. font-size: 164%;.. font-weight: bold;..}...product {.. background-color: #c3d9ff;.. border-radius: 5px;.. margin-top: 16px;.. overflow: auto;.. padding: 2px;..}...product .title {.. float: left;.. font-size: 110%;.. font-weight: bold;.. margin: 3px;..}...product .homepage {.. color: blue;.. float: right;.. margin: 3px;.. text-align: right;..}...product .homepage::before {.. content: " - ";..}...product .show {.. color: blue;.. float: right;.. margin: 3px;.. text-align: right;.. text-decoration: underline;..}...licence {.. background-color: #e8eef7;.. border-radius: 3px;.. clear: both;.. display: none;.. padd
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):104846752
                                                                                                                              Entropy (8bit):6.669450530846252
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1572864:Cx7QUKRA8TYFOMRJ2fV4/4WSruUUBIezoIGG2uEi5ST:47E4JxWet2ufST
                                                                                                                              MD5:63573D4D9A8C29452F403D1550E5FE54
                                                                                                                              SHA1:3031F94B1E7D65C16965FEFCBCB3DCAD216CD373
                                                                                                                              SHA-256:254AD81E161818486BAFB83F0F05116E7C270123524D794488BCF1BFB2200AB8
                                                                                                                              SHA-512:446C781F65436E4CB4697727294B3E6982DB6207023C8C1189A081D4E0CD9EA1004F476DFBA9E87A4CDC447DA8C31A07B18FAFD2941910D69BAB6E7708A49D05
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Metadefender, Detection: 0%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....^..?......."...........\.....P..........@..............................L......<@...`...........................................................=.....0...9-...?..=....@..K...<...................... ...(........................!...........................text...9........................... ..`.rdata..T.... ......................@..@.data........ ......................@....pdata...9-..0...:-..&..............@..@.00cfg.......p=......`1.............@..@.retplne`.....=......b1..................rodata.`.....=......d1.............@..@.tls..........=......|1.............@...CPADinfo8.....=......~1.............@...prot..........=.......1.............@..@.rsrc........=.......1.............@..@.reloc...K....@..L... 4.............@..B/4......:+....K..,...l?.............@..B................................................................................................
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\Uninstall SideQuest.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):400368
                                                                                                                              Entropy (8bit):7.074897674746388
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:XO94ruMQfUImBesz2GFnK3ieyE4PPvUwUa8T2t0EyL+9gJpaXP:XiMOmg2BKQEAJCLRKMwXP
                                                                                                                              MD5:BA0A752FC6511C6B101B128BC59A26F3
                                                                                                                              SHA1:EBC9044D1A724594774D0E142EF7A92D21D399A6
                                                                                                                              SHA-256:EBA46075E4F3AAA9382A04123346C2C08E228C026FF5FA70BC7153C0E2588B2D
                                                                                                                              SHA-512:57A1FDFA1ACDF0C83C84CFCAD9EEE785A95CB204BAF7C1ABC93FB6154DA695A62AF59D77910A6A0BD03ABD56A4ECCD67307906704DC7F51A9D7B2CF6D7A32C78
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\chrome_100_percent.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):177830
                                                                                                                              Entropy (8bit):7.835273501069481
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:xHsSzwVnp5NiU2w5+vfdYCJdx1+khejSTS9SO0vVm7O0U27IIABNHlJngfI:xHsSzwVXMUx5c1YC7x1+fSucY7OP2ITL
                                                                                                                              MD5:C56BC01C88F2FD186AE22F10B1BD5900
                                                                                                                              SHA1:B000E68CCD919010EFF8C2E114B7D1B6E702D997
                                                                                                                              SHA-256:D8CBC2234F40B49437A5876BB008B6B43AFDF92391DEC3F0739BE98E448AB671
                                                                                                                              SHA-512:46F9158E0F06A4E415B95A7DABE88CC4F3EECC235CDAF9D744CAF4DE5E665AE91599E3C2FEEA0860E9F6EEB2EEA45FE4E57542FAE95ED9110D44624513DE3AA0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\chrome_200_percent.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):315644
                                                                                                                              Entropy (8bit):7.922192633378286
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:SDQYaReMYz73QYV85u/oFwvwoytKi6obByPGlPFYKxo+:3fIJg5u/oFdpxLlFYK
                                                                                                                              MD5:9662C1F572EF83F070D2354B0275EC60
                                                                                                                              SHA1:04CE905A95A1C3B8521A17AC9F57503E7AA3EAC9
                                                                                                                              SHA-256:55DD419A1CECCA86665BA5E6184D6B58EDF714D652E67C5220DD3B407D99AFA8
                                                                                                                              SHA-512:B1D34D58F5079B1DB9764BCE2787969113AC7CB1B83DBC3EBCE8C9C287AF372A639611BA11246A088243E2098DBD1D6AD51341EFF2A57A995868BB0DB94A3167
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\d3dcompiler_47.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4481992
                                                                                                                              Entropy (8bit):6.374831048870993
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:cwBNwAqRvTvbehyCZ5xRmhErU6jFyU+dQZTHchy0eQago4I+oiP85+hA6+Se4QQU:SUZ5P7FwcAgLbz+3s0Bm
                                                                                                                              MD5:FEA40E5B591127AE3B065389D058A445
                                                                                                                              SHA1:621FA52FB488271C25C10C646D67E7CE5F42D4F8
                                                                                                                              SHA-256:4B074A3976399DC735484F5D43D04B519B7BDEE8AC719D9AB8ED6BD4E6BE0345
                                                                                                                              SHA-512:D2412B701D89E2762C72DD99A48283D601DD4311E3731D690CC2AB6CCED20994FA67BF3FEA4920291FC407CD946E20BDC85836E6786766A1B98A86FEBAA0E3D9
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Metadefender, Detection: 0%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\ffmpeg.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2128896
                                                                                                                              Entropy (8bit):6.610058538148871
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:y+cOvGFd/RIgWtRZgE3A0bsPSZAjhwFo7zMYq/X+838tUy1zu:yDOvkOjtRZgEwykU4u
                                                                                                                              MD5:FE3784A2ABF89729BEB152D844F00303
                                                                                                                              SHA1:2D1903B0D0799FFB42E5D6BDB57C6B0B009D25C9
                                                                                                                              SHA-256:0408A7B5CB8A20391BA470E34B1ED5E4EBEF95DC65006FFD4874865A499DCB30
                                                                                                                              SHA-512:D7613EE0D32810539E7AFFE4D7DC894C82DBB0829D6AF829FE93E6A175C0FA1C2CD71243636FCA28C89EEF65BD55F8898C8549EBF57B9B7F4DE60D49FE74944A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Metadefender, Detection: 0%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\icudtl.dat
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10426784
                                                                                                                              Entropy (8bit):6.218401047383452
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:196608:wzwSv9AA0fJlt5liXUxR0rHc93WhlA6t9QJGX2EXmJNVR2m:9Kl0fJlliXUxR0rHc93WhlA6t9QJGX2z
                                                                                                                              MD5:9E8B247AA7A609E6632518ECD6634FC0
                                                                                                                              SHA1:CC43315BEC76167BE7DFBB7DD0B6D61974204D6C
                                                                                                                              SHA-256:18ACC07D9CA59B1E599343B022A9E602A0A0C152866F7E5DCE1FEDD2DBCD33A0
                                                                                                                              SHA-512:7A9590F410C14886317D7CDAE606B50B4A0355061E251AA3BCD3E0C614438298E839FF116553089116423E9BC98C131F35796478517D88A180A5A2D08FF7FA5F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\libEGL.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):141824
                                                                                                                              Entropy (8bit):6.165232776643738
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:nu1goINM1Rn1Pd9rN+xrBXs0AZ8ia5od09oPgFSM7:nYB+iBD9R+780AZ+A7C
                                                                                                                              MD5:50103B3D68741DFEF2DE30E626E34345
                                                                                                                              SHA1:100E1E3DCBC23B120D2E6FAAC5BF4779A18315E6
                                                                                                                              SHA-256:FA2BFE5BD6BE9D037E29B445A4DFA3859DA59EFAFA25A6CB46B9B32950E91C0D
                                                                                                                              SHA-512:B393DD874A3AF4888E30C52E4938FBF79E91681843DF6E563E43DE07C6BE37B96BEC84D338344A5D258298634B8044677A56F6FC78C0954721E7CAF6D9C5F7FC
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\libGLESv2.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7731200
                                                                                                                              Entropy (8bit):6.183423586933166
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:5430yYnlr+Y9j2JzYP5YMVBtYKXUu+MHk5ktmveyBiXh3VfE4wfepY/23LdId74N:54xqH7YM/xweVPKi+EyJj/RrqGU5
                                                                                                                              MD5:EF9E8409D4D6427C5B95E2AA6499F615
                                                                                                                              SHA1:DD2D4193358DD573B868AC2D3F373454370A8392
                                                                                                                              SHA-256:C420590448C1AB05586E173BD0567837DF6BA7E7542CB6F96F81E5D87F50F4A6
                                                                                                                              SHA-512:6BA124C62424A9996C137CCA6F05485C2A7F0A29795A8B64F6A7B78D2A6054545922716E75FD9255BECE922AEBBE2D9C11820603C7DE17116A73B2DEDF3F6FA6
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\am.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):122392
                                                                                                                              Entropy (8bit):5.0590622621002765
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:ZtlbZYiKP7wm8M77Rt4rgEkA0SqNmCoZb/qoGnZJjhSt+WWRIFBCkepJMt1H+i6O:9bdbQlpx30jH8+d
                                                                                                                              MD5:3ED0D4542982E7F4C7970808E9DF9474
                                                                                                                              SHA1:E216CEA6E8BC4CBDEA9E1159A17D18469AE6C227
                                                                                                                              SHA-256:E0EF4BA4FB1D4570123AC1311E67DA9358CC028FBC0A5816B563D4BA0179F5EA
                                                                                                                              SHA-512:A4169242C8D6E9E51B02EA20F84A3C133796564517A77AE283FB2183343401B6471D5AEC81BB6347676F989F0283C7C881CECDCA1C55CF6DEC1F36480E0E412B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ar.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):123569
                                                                                                                              Entropy (8bit):5.140723968913605
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:aj4yHLNgjZhDWNYoQUWuMQwxHSM2uZtE9TYJFAj6ReyF5D0X2x91Y:aj4CNg3oU/DE
                                                                                                                              MD5:A67BFD45825968D86CDCF91CD89310DF
                                                                                                                              SHA1:B8455DEE614367BE4FA4D7669E650714024F607A
                                                                                                                              SHA-256:1E894A2B00F957A913E1BA768FFCF30C29B570D2EAB307790FC761FA55F44225
                                                                                                                              SHA-512:03FDA321FF4E342F58B02995929C382DEA8ECF2320C65900FE4996DEA1335235163092EB9BAD84CA6F33B086B3323A4D75991829730941CA3ECAA022BA14B160
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\bg.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):133078
                                                                                                                              Entropy (8bit):4.874700521695386
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:rEHWJsWXnzhqaWzMn6v63BMW3f4ZHrz3kZN0kN96aaGQAWosUV6DreF:w2Js8Dx6vjZHrzkZN0kN96lAWosUV6D6
                                                                                                                              MD5:0B3155230E1942D238341C2F9EB88EF9
                                                                                                                              SHA1:82590D918C0B2350DC46B2925D5550EE427B27E3
                                                                                                                              SHA-256:0BEDA1647B0760046A7B18E4498A62B727B6320141E0A3B0CD864CABB7EB21ED
                                                                                                                              SHA-512:FABFF8C3B1BC5B94AE8A27BE1D790FFEA85D7DE773AD48F2A2ECCCCC63EA35445F639349B5E5A59EC85E5378E7F0D1ADBBDEBDAC7C1F71F71FC5E64CE9D0AD4E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\bn.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):173570
                                                                                                                              Entropy (8bit):4.471779065996595
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:K/mX1cWripiuRr18JMgylH0mvRZrWChokW:WmlcWri3dm
                                                                                                                              MD5:238816F58B8247ED3D95538C5B4CE5D8
                                                                                                                              SHA1:5AC704AEE7070779B1DEED3C6578DC8962076432
                                                                                                                              SHA-256:62952441557CA8893B925196DC3C4CC89989237A1579786217E429845818A010
                                                                                                                              SHA-512:A3A486924032850AA73456E83147E831C5DA15BBFADCD669C917F01FBE7DD90A2FCB9EFD9BFFA6B7411D0D0C7DA331D5E990FA3D3C098F5FBFBCDA75B06D977C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ca.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):87098
                                                                                                                              Entropy (8bit):5.431939868956806
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:XeBRevu71PR9GjMVNUqvnlluqcgKWI54FZn+O5yz8yLd9rXe0BU0dlszRh2h+nA7:mRevu71P3UqvnfXcgKWI54FZn+O5yz8y
                                                                                                                              MD5:1D3F1900D6D59C680B25EF2AEBE75A15
                                                                                                                              SHA1:4F8902494CA2FB2FD9C184840F84116A635B86E7
                                                                                                                              SHA-256:527270623091F56A8A58A5474E016F70FFCF36498B02ED07C671912EDD457C66
                                                                                                                              SHA-512:3D4A01713D31AD6CF92BA66C62E752F8971C84D04E29BE4D30F38FD3C5F9E464B15A2D11F6C49026752D12620687EA4A46D20F86605DC6A4642FF4C2071DD8C3
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\cs.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):88849
                                                                                                                              Entropy (8bit):5.830130897775082
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:LtOEYhuIM85ryN1itrXljsDf1956h4ReO8Qi2rP:dN1ixXM5gJO8Qi2b
                                                                                                                              MD5:C542E54EACD0A3105EB80D960A93F3FC
                                                                                                                              SHA1:3C09CDB61B329F48025DBBC0FAF469E3208FE46C
                                                                                                                              SHA-256:3C08DC65F95CCD0DCBEAB9BE148CF5F7632A6A01FC5B17A46518B8A48019D4AA
                                                                                                                              SHA-512:7899A0F3296920C63567A9173895A0CA9F85E322A9B68E04834BA76070B2843A5FA1E0824FBAE078A4A082CAE9C0A7652BB49DBB10D717F0CF53E6D1466F3CFA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\da.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):80484
                                                                                                                              Entropy (8bit):5.455533665728002
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:XqIilBBX9I/OaKuBMomQlq15+Z+GMyQ4wxpOmPvhw/j:XB+TX9yfoomQc15+ZoyWVw/j
                                                                                                                              MD5:652136F8DEE3E802825E42C89BF0485C
                                                                                                                              SHA1:307C6BCD9643BC059A04AA80E697A2F172C18AFF
                                                                                                                              SHA-256:5698DC7D91C368FCACA23879F4DC50CB3979E606A154FC39840E3FA0DC702F18
                                                                                                                              SHA-512:8B56B10E1A22061C846AA3B8C0EA30025F6C65E9594D42D70EB6E77B684200D35980F74E5D680C783919A6AD990ABB0E72E386A29FCF50A822626D7994BA2A3E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\de.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):86153
                                                                                                                              Entropy (8bit):5.486586495316791
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:cAKB0+2BYlddBXgfnhryuYRmBYWfApJGHatP0Q1NlkG4hBlZOI80Ar5bN:xKS9KcryuYRm8GwbNqDZXA5bN
                                                                                                                              MD5:E4055A9A8D1C64472281893943055328
                                                                                                                              SHA1:2859CDC1658FA52A63138C5042091CBF8B91D48A
                                                                                                                              SHA-256:82E57CF500D76CC7D2DF41034B1CDF73B1A498128CF598B3FB282B626EB58455
                                                                                                                              SHA-512:8B7297595B8F878C24D93744B9F085A29B3808C81B1EBCEC0C86E6BE3AB9D91A46FFBF73A0585275E68F4FAD9E58073898BF7080036EB7666799A77F75CB7648
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\el.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):148899
                                                                                                                              Entropy (8bit):4.929242147484643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:Npi9ixCcZ0pDFMlPDXPnUIgRPQpPQ2NSqi/EXMeELO+J9Kh52hKWPvYcGSS0zd:Npi9yCcgFIPDXvUIgRPQpPDHXMeF+Js4
                                                                                                                              MD5:8B7C1D4A325B3CB33FA2DEDB965492E4
                                                                                                                              SHA1:4FFEE3F95DD6C9C43B229500DD0515BEFA9E49C4
                                                                                                                              SHA-256:E04C28635A79F0CCEB86FE471841E7B210A9D37137EC5D46A2E99893F64074C6
                                                                                                                              SHA-512:C832F2C611023BA034D60F9088B984FCC9893BAA74C715B16B37C3AC8C5CA79437308BB07ECDA70BD31DC667C392815F2E35DF3941E56E52542EC8CB35C6A072
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\en-GB.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):72141
                                                                                                                              Entropy (8bit):5.505693511311119
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Y/+rWT2EpqqD4iRr595/BgSOQJedMPrThQzhfmgglQDD:YW02EpqOBBj5QQgglQP
                                                                                                                              MD5:BC01EF9F07F4B7B43CA2BA68DBFAC1F3
                                                                                                                              SHA1:24D98C278E569F6EA2E573E8ED34DA84F99699FD
                                                                                                                              SHA-256:6710C03227C7053DBB5616244F0B35CFD1588BE005D547A0F023421530E1FE46
                                                                                                                              SHA-512:917FC03D4DE29E231AEC3D03BD2A5A2862F65B6E920F6508E093761FC234CF964538DC28A199EE035A2A19C99D9C52E5FFEEA5C16531BC600E9351F1F1C11241
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\en-US.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):72950
                                                                                                                              Entropy (8bit):5.4915925567870705
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\es-419.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):85292
                                                                                                                              Entropy (8bit):5.409494723372111
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\es.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):86916
                                                                                                                              Entropy (8bit):5.377960668037836
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\et.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):77466
                                                                                                                              Entropy (8bit):5.501112766177588
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\fa.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):119827
                                                                                                                              Entropy (8bit):5.217967842154896
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\fi.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):79870
                                                                                                                              Entropy (8bit):5.449865885662735
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\fil.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):88121
                                                                                                                              Entropy (8bit):5.226141145438586
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\fr.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):93269
                                                                                                                              Entropy (8bit):5.401750126086286
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\gu.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):167056
                                                                                                                              Entropy (8bit):4.513426063689328
                                                                                                                              Encrypted:false
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\he.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):104924
                                                                                                                              Entropy (8bit):4.896708080395801
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:SZ/r8Ty+M3ZIzkE5I47XTpjUBcI/NJ1xnW:G/r8oIzkE5IwXTpjUBcI/NJ1xnW
                                                                                                                              MD5:77D9D8DFAA23976617771FB312B1EE8A
                                                                                                                              SHA1:7DA0108FA6FBF91E6CCA183BBFD405AC64A4442E
                                                                                                                              SHA-256:A81CCB69AD2AB32EB10CD7DBCDFBE318967686858A11EAD2BF4E8D7E663CB203
                                                                                                                              SHA-512:4D19A43F4E396BA8DC576AB7C48FAC28E9CCD100768FE8B9A226C7E9B8BBD7A75D00276D90F12794ED36489C4497874479A9E1624E88A00E7010D699354DD7DB
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\hi.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):171191
                                                                                                                              Entropy (8bit):4.486041273387984
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:yULIG8AzwfKS53cWhxNq5Wo6ujTHef+a1oE3b8+LljYNh5/ChVmEQmKY4E6MZ/1Y:yUXSrs5
                                                                                                                              MD5:50280F7269EB822C91857E18CE9525A8
                                                                                                                              SHA1:95A0D6BAE3880B7395A37B788A7BC8BB27AD97D1
                                                                                                                              SHA-256:5CA13AA5B79FED7EE31FC5755E346422714F5429C1E3C5444322CC6F27D6DB04
                                                                                                                              SHA-512:721A16EC5275787A9817E54D449E03BDFCE0C9E9FE85A85D151BCC760DC9914BE5DEAA551CD1247DD7602D6D48A4AC1253539E45BD6116ED38B464F2EC2EFCF1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\hr.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84709
                                                                                                                              Entropy (8bit):5.533851319755023
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:FbmV0KihKAvK7NPXtUDeQFBCXEyRWL8IilM5hnfvbQC26a1KCxQi:b/PKNXtUDeUCXEyEMMjnHbAf1KCxQi
                                                                                                                              MD5:F3FF9859F4EBF45FAC7FFBDF20AEDA5B
                                                                                                                              SHA1:90D350F390831CD3CA481CBE1C1F5D1320927A1D
                                                                                                                              SHA-256:27D92843C2C4456DBEAF74BBA283746AD211CEE3CF8BCD52519363853BC2ECE8
                                                                                                                              SHA-512:732991F13B6F4DB57C3279056C773E45DED828E2D1902F78A7D39379B3E8E3D1A3CC96C0E9EFAB0637FDD16481BF01D22816038A8A181E0A7CBC2105FE8C489D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\hu.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):89863
                                                                                                                              Entropy (8bit):5.664762851022001
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:flTMnDZAbpmFYkCFXmKLGqLv/Hu8nNhrZUoSd773dpE2jT/L5g3ICh:fKDZ0pmFYkCF2iGuv30d773dpE2jP5gb
                                                                                                                              MD5:940FC7F16A7B112595A709814F91E57C
                                                                                                                              SHA1:0C0064B701DEA3B1541652019DFAFF58F7AC3EB4
                                                                                                                              SHA-256:85667D53EF4AD8FAA1492A134012557C433E076C1D27B3B3B1E4B2DD7B0AEABD
                                                                                                                              SHA-512:83F9624FF34245065754C4A172346EAF924DD97D625229C19C2595AFE616DB89D82F6F27B17D4F483199C3BDA1A0E163034748BA40637189FF51216274883BA2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\id.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):77956
                                                                                                                              Entropy (8bit):5.382604957837571
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:oq7Hkraj/1Ze5/SWlEmCUwRX1EdtwbEB5g1CP5sAzb2VhwvRZQBcCaoJ:oqTMaj/1Ze5KWdtwbUZ5sAzaXwYBcCa6
                                                                                                                              MD5:0A69835615E9445065C558DB76256ACC
                                                                                                                              SHA1:E5031D6484EA686ED593223F893FF2B324429226
                                                                                                                              SHA-256:1654D6BDDCE488E75829D790BC2392024227BFE7C88676006CE29BDB69E6E30C
                                                                                                                              SHA-512:33FF0B82DB7350E80100687F7755D7124552CBB88209356B6894FD74EB2F415FD9820EC8202F4359A26439D55EC05BE64DD73AC8033779BF4EF9E5EEA7740757
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\it.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84595
                                                                                                                              Entropy (8bit):5.318491727551267
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:6OHzYNl25Tmm0kfRIZY9f1t1Cz1yN4tA7kxAj4UNa79hnNOC:6IzF5Tmm0kfRIW9f1t1C5yN4tA7kxAji
                                                                                                                              MD5:C83D309E006DED08A7C8951FE5217108
                                                                                                                              SHA1:656D7EC9251BC9F3310E615561D1925A713821B2
                                                                                                                              SHA-256:8CA6F63D7C826C8FABCC93F2665E4EC9950F799BE5FD9014BBDD3294C0F46652
                                                                                                                              SHA-512:9FD15F281C9D5BEE80C371E83E04B570A9650C004F8FA42685514EDE3E04131BDF7C2187B123A8FD950743B03EFCFA0B289183B5DAF14B3A0E6BEA09E1856B11
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ja.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):102149
                                                                                                                              Entropy (8bit):5.853654564506458
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:wZ02jh0ZHZ2BG3TLzWdSflHZcygvXUI4Zvx8HW6HvUFu9XBMh9++wizuNKVjrf:VDs+HblHZcHvlUm6h9+zizuNKV/
                                                                                                                              MD5:B530E7114503306334F704268BB05ADE
                                                                                                                              SHA1:CE2C039694AF6EBEBB2BC439FC6AB3A280DC6A53
                                                                                                                              SHA-256:1C19D00E328C059D66C8CDBFF656A384C25145E6516C15EDBEB6E79A4C5E7726
                                                                                                                              SHA-512:6E6A3F8F2C3F0B5E094FF1C3EA873F4B73346CAF16CB65A55F656874ADF817229385244716296B2474731E64694965DB6CC0D9E757EC0FF5323D61C40978F904
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\kn.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):191849
                                                                                                                              Entropy (8bit):4.406706226377074
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:oVr7xJx7aipV8gTVNv4s18wEm3SF6RYNUTCKsy8/BS/27DSI:kr7xF8glEm3SF6RY2TCKsyP/27x
                                                                                                                              MD5:1D6CD1093D3F5028ED2FBDAA67892AA5
                                                                                                                              SHA1:C6CAC467DC2AF80BC3FF194A5A5005951D3FA7D0
                                                                                                                              SHA-256:C1FF4D2E88EDBAAEEEDD05DB874F95387A6E58B2AD7CA86937B8E3D30197DD60
                                                                                                                              SHA-512:0C90226C0B804FCA7FBD4AAAE184B66AAC721A9DC81BC58C69F155A5A54C2C13F0E549462CA7469854758D4524A08F400D44D3A389753731FAE3D7FD8578AEFB
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ko.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):86324
                                                                                                                              Entropy (8bit):6.165901109815054
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:cUnYAmztJhi1qVd7zd+7f25yTRQglxbEJALFwS2Q/4K5s4WGh/0S1zuyf:yAmJMqVd7z07f2wW2LF3/4KdW0/0S16+
                                                                                                                              MD5:C3A5B2EAB6864263F06DEB21345CA9DA
                                                                                                                              SHA1:676F07ACEA77952C7C2FD7B8BF979669E02B80FD
                                                                                                                              SHA-256:2F1E11EFCCFD4540CFC6F3B089854987192E015B90AE50100C6862C9E4AFC2F8
                                                                                                                              SHA-512:B6E1DA97F9D63C89CE936B9F46B0B0F567F407BD909ECCB8881A78C6BFFAA39A12C692CF7C54640323846C0A0CDE45A7922E7450591541E5F1919FEC172AB841
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\lt.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):91387
                                                                                                                              Entropy (8bit):5.627530738444946
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:WMHqr/DSTlZF5wxJDVOjWg00wsiYWdT9qKPrmzrfhli3xGm6SQ5njWSgAGiI6:WMKrLSTrwxJDQjET+BExGm6SQ5nD
                                                                                                                              MD5:7A8EFD2DCAE15E8BB928A1602005CCBA
                                                                                                                              SHA1:CA99BE66821A0C4664B213339C2829B1C02DE141
                                                                                                                              SHA-256:D94EF525ABBC2625FDD7AE2DF30B947DBF3853F7ECB4D116754ED94C16804462
                                                                                                                              SHA-512:2B980B9EC4B458B115CBFB650889AACEE4EF2C625276AAB3CF04C89035CF6DA3B89C8AB12C25D16CF6023E3BA6EC715640C03F0E84D0E6AD9F1CAB935E6F863C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\lv.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):90503
                                                                                                                              Entropy (8bit):5.64684607342749
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Bol6UeSxXYGB5emD9iNyko6dZkmZa4WSun09hPpI02AM2fPy:AjXYGbCyko6dZkmZhvM2fPy
                                                                                                                              MD5:DE31327F0843748A496A74A25F00BA22
                                                                                                                              SHA1:DD94FFEA21EAD9CF0E538C271AAD1A15EED5731F
                                                                                                                              SHA-256:2B9F8D694FE2FAE7444C9C05A0D15BCEFDFB37D78CE38E948C2584F32949E12C
                                                                                                                              SHA-512:73A6EAE8A107B4F292E1B5C9A26726C85F4BBBF9368929E25BD0AD695CA0F0E0133E64AC9DE03EEFA002C10CF8AED81E3C91DF15C57F06430DE7988512C948C4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ml.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):203423
                                                                                                                              Entropy (8bit):4.4134685740425486
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:4drQH6H30ayc0qrelqBHa4KgdThKT9LhE3A86:4dQHAGc0qrexCdTwTjE3A86
                                                                                                                              MD5:9E25E829DE22E617AE33D0F7DA21BF1F
                                                                                                                              SHA1:F73B6C9D28EC3F5F00754CC23A6EE0BFE5D39C3C
                                                                                                                              SHA-256:1CDB0CFFC941255A0A4911AA75996AB07F11C2E90237CFF9D429820550013228
                                                                                                                              SHA-512:84F644F7BF15199D5C66167EEBE37FBE2A793CCFE0393BC6208C25783C63DF0C800C9EC81679184EAFFFEB7A077A3FD90C24CD997860164C9A9EC89D9A72AABF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\mr.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):165740
                                                                                                                              Entropy (8bit):4.503959880018125
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:nllbd+iIMN64Y5CWQ25H0c7epLtyWFQXSLQELBX5fOXDcIEf:CVe/Wq
                                                                                                                              MD5:AC375F26E32FF3C17D65B0BA69A17B0D
                                                                                                                              SHA1:47237085FE146905EAC156DD888187715E591E91
                                                                                                                              SHA-256:3D2812B04004AC80946B2A466748A1CB405928DE26C2C5A3098444F234C22BEA
                                                                                                                              SHA-512:3050F7A2C34A82AF57CBAF14E96751B123D58A1B44901783FE299DE2DB599BE73AA8AB76B352F452321FE556BF5B10624F68A96683064BC281D7CEF2A724E5A1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ms.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):79456
                                                                                                                              Entropy (8bit):5.293673897835836
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:qKNpV6ScOkf6WQSWzCu2boe05DYOYxgudhRRWFD8u0CVf:a3OchWzCZoe051uPmd8u0Kf
                                                                                                                              MD5:68EED78CFBED1F7D8EC60EF6D9DCA1FA
                                                                                                                              SHA1:9DF230C4CCA8715B8BAD6351168DC47082D87FCE
                                                                                                                              SHA-256:265D15D61FE5FB856E70D7FEFF9C1F5EB56336F012E88A3E907B5380B0A7527F
                                                                                                                              SHA-512:531A35E49C0EF79B3F39D80C000F32700D259D89D623E2B07FD13527D04ADF70124E9ED513BFE937ACDDDCD0BE2C2D333BEB48492C72BC43E8BB2D3BA724A02E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\nb.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):78385
                                                                                                                              Entropy (8bit):5.42825456747505
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:GwU9/1Gxlo/RNmKJz6BDNF6uImJMUvkhqCQ:GwU9tGvoZNmKYBDNF6uIMCY
                                                                                                                              MD5:B95A6BE251B5011470A7D6F99914E45D
                                                                                                                              SHA1:716078014B5109E74862E685F4074DC4E1A16F18
                                                                                                                              SHA-256:21FA2E87F4C2142A5DE09DD42FA9A85D37BFD19E8B7FA10B960AE099CF613649
                                                                                                                              SHA-512:F951AD557E3B76B7224188AD0ECFD05BE7B46F4758AB29F4C38A45D6A62D63E45ECBC811414CE32AC4AC55C2380BA90AC728172FC75ADFB7965C0596F49D409F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\nl.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):82287
                                                                                                                              Entropy (8bit):5.380337095761436
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:6Ks6wvW/ykDIwEyYn5tdU7A5k6m2Qwr1pHJ4hJo4TtpHQWozyVqf:6KqvW/awEyYn5td2A5kV2hDHJuu4TtpC
                                                                                                                              MD5:A59A89C9979733AAC250850016251B30
                                                                                                                              SHA1:B7EF504380295B114EC27369709FF15924F1316D
                                                                                                                              SHA-256:B623917DABD97C7D5E506A76D57F29085FB017B82C7FE54F2E925F015A340445
                                                                                                                              SHA-512:A55B6C6F350ABE6868CFDB1364E0437433460AF93930CCBEF25FC75F7DEBB0033C60BB1C61893D25845469490C5E19052554BFAAC092BA75AE846423CE2A259C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\pl.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):88465
                                                                                                                              Entropy (8bit):5.748138223488504
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:b891hURMa8od+txCoqn6rIaC47gsN+hDiVAhYh:0RtxCoq4a4ZcDiV/
                                                                                                                              MD5:CA1620E4BDC407C566F6F40572BC88C4
                                                                                                                              SHA1:8AE22A47A39C7F1036F86367B10AAA493A9F9F82
                                                                                                                              SHA-256:B2A2218CB02861946385BB6482BA8F869553DE86DC43D36532D7B61B9CB1779A
                                                                                                                              SHA-512:A63E11162865EDBE6A48967D66F650C9301CA161E84E6A3A42BE119BE94580F57CF7A4A8C76A51BCD3CC605895EC3554ECA768690C542DD96675049B7E93717E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\pt-BR.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84446
                                                                                                                              Entropy (8bit):5.453285986219093
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:vmrYBr2LL6GeOStVY0KzMQN0Y0X4Y5hec6x0xGUX4DbMB9P5ZC:vmkNY+JOStmMQzowMB9C
                                                                                                                              MD5:603057CA797BE5E293FD9B02AE4D7AC1
                                                                                                                              SHA1:D8358ADA4997FD5758652052D68F52220F1BF90C
                                                                                                                              SHA-256:2D6007DE3EC09819554D6209724A7494CD8D68459AF3EC841789F57934CD266D
                                                                                                                              SHA-512:DE32D40B09F6876F0259CCDC10A59B04810B424F299F610B3649D9897ACC42932C6B803FF0A34F362D7143AB634F927E456903F9F87B7CC8B22A1C319689F2EF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\pt-PT.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84703
                                                                                                                              Entropy (8bit):5.439652497953441
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:L+HpED1EsYCBeWdRhVxz2qKHxpeJKWWYCx/:LsEDusYN4bJKWRC5
                                                                                                                              MD5:35A7AA99B69432D295F9C64A2C16E4F9
                                                                                                                              SHA1:91D9EB88378CF620B1D21F5E647E2A715277513A
                                                                                                                              SHA-256:861E467DDD65915B6BE5E0F4EDDB8D67546AFCC798D34F7A6B6E079B671904DB
                                                                                                                              SHA-512:42656DE8819692B87937038F116A2A8A105C17D5997CD18F21B0683D824AAB2251AF69152797B6AB498A588A764B3EECD5701D55BBBA72F307B3F424C569FC43
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ro.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):87484
                                                                                                                              Entropy (8bit):5.473143034921812
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:BrMkVL7qczyp6KvtGTMXjcQb0NnobyVwbEYu2zwpgSlJt/hYAh6qIbp92G4f6:N2cGp1vtGQwQbSYu2nSXYAh6qINkGP
                                                                                                                              MD5:6DDB918017D8453646C347E1C7F10E8A
                                                                                                                              SHA1:7F7C648940134EF5A8C1B2237E206A74FADDB5EF
                                                                                                                              SHA-256:275745D81DAC9FBD35D57342E8F9790CF32C3984133C826F1AB5C9A9E8242916
                                                                                                                              SHA-512:37403EF9B8AC5D99D74DB7A07C98E8E4BFC27A2E7273017C08448CAB64DF00A34BFE15D24BFD94C5A5B0FBE061C95F235D6BCAAB77C9B8B7494CF2C978657BDD
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ru.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):134331
                                                                                                                              Entropy (8bit):5.043966137383374
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:210reY9B95Sv5W+2pitEoDQgIvR7wAvrt3t2bqaPzLt3mV7Lle9X+vT042Z4Rkxr:MtcHHTqtDQgIvuAvhd2Zvt3mBoF404Kd
                                                                                                                              MD5:26E967E4E67D58D22DAA45B0511945E7
                                                                                                                              SHA1:C5917EA76641EA1F1395C12A29B036A2C57A5C0B
                                                                                                                              SHA-256:6B1226AA78EE841552A8B2F22EE33B73778A94B835232522AAA66D73122E73A9
                                                                                                                              SHA-512:4D2EEFD0CE55C01659D98BD2B0F88970DB4F4847684C1DF3D157164E0228D1B40F9FDD2C43C0B037689B900E77D80E70CDDFA8C22087A5DAD2D01DAD02222DA9
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\sk.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):89621
                                                                                                                              Entropy (8bit):5.79426609462712
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:BMvqW9E7u3bevBTQEUcYaQ/QIRvZhRNwoqcHCYnpnGeP3g7E:DRqCBTQE6aQ/J7RNwoqcHCYnJGePg7E
                                                                                                                              MD5:014ACAA7678B5351A06ACB8B0B9B205B
                                                                                                                              SHA1:C5D4B4C5054973C290A4263EC455ED795C1EB0B8
                                                                                                                              SHA-256:8BE2FB8EE246D879F929C0A3CB1AE725AFA74B0F1D241EB5579BCF5EE990EE50
                                                                                                                              SHA-512:6505E6A5C0F00CABD31BED4DECF59F26845BDEB383EA5F73A48A827933509AF02EEC8E703B802C71DFBB305F22BEFF0B8E934B4253415AD71205299559C8BB5E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\sl.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):85805
                                                                                                                              Entropy (8bit):5.5026219426420075
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:a3O8KEgw/qvkiNxnIOO43g9av9M/JdFCOoOqghxGTTXUtfpqG:a+mWkOnIc3qqM7FCOTxGTTXEfpqG
                                                                                                                              MD5:3F352FD2B6D628E729761F66A1127EF6
                                                                                                                              SHA1:16D5D482FDB4CE722BC1CA00C405C58F398AFB25
                                                                                                                              SHA-256:E91835FE1D9F93E8E0E08B1A08392B7FE1E8716B4712DF5BA6E7D208AA60F6D6
                                                                                                                              SHA-512:2F33DE72FA8E762C0968DBB0B13DC9BB5A9F1AEDA9CDA5836145421B32A3CAD424767EA81843420E8273D37B5C3379A65038F14A4D0303CE6F6CD14CA3A0BCBC
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\sr.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):128600
                                                                                                                              Entropy (8bit):4.966396411786665
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:UJQwY2ptCOFiNJsMwy1Y+tZD+37hbVO08n9AU+Nlt3r1GL9DGk1XlE:Co+iUSLZS37hZOl9AdFk1u
                                                                                                                              MD5:0497B7130484A365753EC331248D2B19
                                                                                                                              SHA1:A0509FE81F6653DADCC6C263DB21884296364276
                                                                                                                              SHA-256:FA010563901BB84272C15A71A4D80118B8FF22F4D5ABC8E4EF0314C00EB5F037
                                                                                                                              SHA-512:8451E29832DC0122F46A21EB57185F545153A14CEAED421D4511FBB9BA316B7C139CF7CDCB8930064D577AB2D651051442C8545D072209DDD00415D7F37E2664
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\sv.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):78213
                                                                                                                              Entropy (8bit):5.535774584296557
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Y48CmEDTaCxiVeSynzyEy1d3bIkcWpdP/ldOZnCMqeLGBqTP+bRAplEFwSM/ymh6:Y4Vm8aCxiVLynz+cGby+qOx
                                                                                                                              MD5:ED3B9C5064E1453444B5A2649EAD4076
                                                                                                                              SHA1:BE64B48BACAA81004903719AE0A9A078887D10E1
                                                                                                                              SHA-256:3A6746E9A6B609557B7A872AD1132907F6BDDC0B9AE22BBD05E79D2BA42D95AA
                                                                                                                              SHA-512:8AEFC77C4B64EDA81539691A0B4E69A13ED63AB3BB62F644AEF6F8BEB0707EDDF59C3E9927EA2FAED943E475454978184CF28F42744034220F29CC5646F6FBC4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\sw.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):80058
                                                                                                                              Entropy (8bit):5.378521333882305
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:FYjK2xEWpMJyF4OTcF4DigjeO4dHG5gQoaOnqtVaQIh1VhEOs+nc+oHw05:wxEtgF4OTcF4DigjPNDtVPe1VhI+nc+I
                                                                                                                              MD5:04842F2AF66FB58DF3E82F3EE0366DB6
                                                                                                                              SHA1:CB1C5641E6B53C71EFEE2B996804B47DEA54EFBB
                                                                                                                              SHA-256:7863CB871E8C97166F2AAC9DA58D63B8A165F3F390601A1AEC36406349185382
                                                                                                                              SHA-512:EF4E2D2899C58292B7DDB4024B95C55EBF56396EA338A3A2933BF79A2CEAF3744DE739326994CF87D1B48D2E074FFAAFF1895ADBF8C30F52E09735D0C76A0BB3
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\ta.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):195736
                                                                                                                              Entropy (8bit):4.240058259742912
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:a7i5r1tD0DOTbej23CA+fp2E2k4ca6QVW0Yg1ortR6L+EZ5a5Au5KVn2nYhTF6c5:a7i5r1GDO2j236tRer
                                                                                                                              MD5:2878E0F7E5E2B0B0BB5C0A4F7345515F
                                                                                                                              SHA1:8D8832B8FBD7F94F14A540E07B548948D9FE31E4
                                                                                                                              SHA-256:E242CCE909C4DEC25C81EAEC3E17C7261EDC5633F774D63A74CA22E545D19E59
                                                                                                                              SHA-512:D15A481BDB68CC1CC7F46141D36B46F9804935F36E9898A2551F803239F55BA018F84D9488A4C3C5824CDA03ED582D1F6BB507BC978C000FD84677782E07CC14
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\te.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):184081
                                                                                                                              Entropy (8bit):4.4186069721788215
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:4i+BZuswrKJA7Hi9x6cH/VTCIAgbSqBdzEkXQtG5KLwD7x+mU/:GZVwrKJAWBH/V2IAgbSqBdzEkXQtGwLT
                                                                                                                              MD5:D432CBEF00995B40C6F1D1AC28F48FC7
                                                                                                                              SHA1:3B25E1514671F5488C27AA9921B463313151B035
                                                                                                                              SHA-256:98ADC97B9CE5ADD5D8D7AD43FD74C50E760E17D1CA4AF7EFF81FB488963FCE0C
                                                                                                                              SHA-512:744938779052543686DF0A68603D9E47AA90012EE3B64BF4E57FEAD3CABE6E4C7B8AE0620D728C77BBB2BD2C4FEF718FBCBBB54EA9AB32054D6BECCD6B0C6BE8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\th.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):159993
                                                                                                                              Entropy (8bit):4.515421369825943
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:KilC40CJFkSCkIOBVVmMRD+Puv3bUGw1pSd9zlv7QbAdhl0qZtJClRR/v0:KdCJFkSCkIOBV5qPuv3bUGw1pSd9zlU4
                                                                                                                              MD5:905F032DB6E1D6C4C93E35A875532190
                                                                                                                              SHA1:583EE5F4651D4BF6C6C827796CB087C9AD7F5EC4
                                                                                                                              SHA-256:23762FB4F440544E02E58512A917DD02D885932372264583680AC870558473A6
                                                                                                                              SHA-512:5BFAA0677E9CA376D62642391E7A9B7D0FA1E228DFAFF0CD29A7E2A6D70C784FF72E846AA7C81422A846A5B22F45274840600A65D50621794F28AD797FBEA19E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\tr.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):82934
                                                                                                                              Entropy (8bit):5.6362117684923
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:PQtPeptagXAOv+yLPhRNH2Hjn4hnMeuCxWd57YBSJ81tZRhEBD8GKUnjubI3Fr:PQt2ptagXAOv+yLPNH2HWnMedBw81PrI
                                                                                                                              MD5:21B06573A05893036A92F47E6CB965BF
                                                                                                                              SHA1:3D9DAC87C966747A967FE9C4EEF25C279D40B027
                                                                                                                              SHA-256:16FD586BE5F204F203150531D2F8423ED9C3C185EE7702F1D775CA15B67BDE38
                                                                                                                              SHA-512:94E5881075422F13CCC215D4CEF9FE3A2559A11763E6F953A479478D98B316E4E00C431F9442521FFEFD54E3F92822D66B6FB7DA74ED0C436B3C99290092E192
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\uk.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):137010
                                                                                                                              Entropy (8bit):5.055989661678431
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:pDYGvB3IjpPkSzLwRPu0VZCDLNiXMlQUCqJ7MVUMTEb4UsJo:lvB3Ijp1tLNiXMjCqJCq
                                                                                                                              MD5:CD0E720F7685CEC9DE1C7106A17D369D
                                                                                                                              SHA1:7CA1FB0EABD13BB3A5ADA0084F1CA6ADC76189D9
                                                                                                                              SHA-256:294A0ACE6F5BE8F6EB9612DA3C6A96D7FE28B37055CCB50734B6939E267A0470
                                                                                                                              SHA-512:E75B3117B3A57DBB8EAAA35AC97A15A9A4131094BA73B0D953E7D9990406E9A05B0154F51A737C9C3A51890BC4DC5D4567E7A42D38F24BFB6902FC0467D66C72
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\vi.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96974
                                                                                                                              Entropy (8bit):5.818608245212573
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:XTf8OZG5ICMm2KAPnijSPiz+sJ6m9+e8Mv2nclg4m9WbICkoqC+bkW8TWilnd0CE:Xj8wm2KAPni+Piz+sJ6m92Mv2LT9WbtM
                                                                                                                              MD5:5BACF8E262496C2FABF14D30FA1BAB2E
                                                                                                                              SHA1:8027235A5B8E6D91A6D8F4C6AA3F8F641B8BB62D
                                                                                                                              SHA-256:BD0B9D7C10F2A50B0B98791794145841636D2C5B8D36A4854BEAC2E64EBBD469
                                                                                                                              SHA-512:98F129286C434C33608D9033FB114C6518514C5C4DBFEC320A744AAA136BB1F9B3640C38321619491C92EE8E381CC3B47769B904EA6A77123F7F5A56A92F07A2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\zh-CN.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):72657
                                                                                                                              Entropy (8bit):6.7081756756151485
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:+ee7f6LcBJO/ggdzemjWPJkWhc9WRlsWEu:feX3O/ggdzemKakUWlku
                                                                                                                              MD5:DEE4A1A5BAF9B01303F09945DDACD1D9
                                                                                                                              SHA1:58EFEF6EC440EAB597197CDC1DF959B7B9E4EC24
                                                                                                                              SHA-256:694C61983F5DF925CB9AE5573AB24A430207C227092270BA1581679E774A1921
                                                                                                                              SHA-512:DD8BBD0712CA1C53644AEA1E446631C21C5591552AFB283BF7BF27F35B8343EBCE7A7C1571EBB188F3BEB2882B3175734F66C5E7D1D5A75C2815B4488B04C710
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\locales\zh-TW.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):72935
                                                                                                                              Entropy (8bit):6.706836138074188
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:ZZDSxqJ1u9htEjnuRtedHG/ape3mPzJ80aHYRhbfSxzVnBAJ5HV3XiPnhb5mxgTv:ZAxu8LYnuRtedHVX180fmoJ5H9XiPhbB
                                                                                                                              MD5:B3A5AA832E2572F6B932D3444B9D7E1D
                                                                                                                              SHA1:10843DDAB1F71C4AE5810D5FDCDD51F547648C43
                                                                                                                              SHA-256:38F6A0FEA3F2EB4147FEF2008A5B7757AC8F44BD704B194E09CB2DD30D6A90EE
                                                                                                                              SHA-512:585191A0267B42F18615F28AFB2F87555843F637124E9F3B6449735B7B1729A4C078AF2152AC0A313F21C1621C0229D9263F9B6DE8633A418E3A500293EA832E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\natives_blob.bin
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):82118
                                                                                                                              Entropy (8bit):5.034992186435272
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:+bz4Oif2sMnL8gDpKD0rrr/4or06mGsY3csV3iEBSsU0fHBvJ4YfD3z5Q29ei7gy:+bz4Oif2sMaEBSJ0fHBvOYbj5heikwVJ
                                                                                                                              MD5:1582FFE1B8CB37438BC22EDEE6CD0A90
                                                                                                                              SHA1:01AF249F33B2E5FFBA18BA8F7CD76F2EE0E5F425
                                                                                                                              SHA-256:02586EEAF4CE40D1B34310D885E34FB63E8E9F155FCEDBD796536735907CBE80
                                                                                                                              SHA-512:8C66BA4EF15FEA573C29F0F6977E290B8FD72F4C8833F31A9B0EF4285F5493E9B27DAF3A02C352ED12EADCE36CDA933D9D97576BFA4DCBBCC04294E73AD9EBFC
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: @CommonOperationsU..(function(global, binding, v8) {.'use strict';.const _queue = v8.createPrivateSymbol('[[queue]]');.const _queueTotalSize = v8.createPrivateSymbol('[[queueTotalSize]]');.const _isSettled = v8.createPrivateSymbol('isSettled');.const Boolean = global.Boolean;.const Number = global.Number;.const Number_isFinite = Number.isFinite;.const Number_isNaN = Number.isNaN;.const RangeError = global.RangeError;.const TypeError = global.TypeError;.const TypeError_prototype = TypeError.prototype;.const hasOwnProperty = v8.uncurryThis(global.Object.hasOwnProperty);.const getPrototypeOf = global.Object.getPrototypeOf.bind(global.Object);.const getOwnPropertyDescriptor =.global.Object.getOwnPropertyDescriptor.bind(global.Object);.const thenPromise = v8.uncurryThis(Promise.prototype.then);.const JSON_parse = global.JSON.parse.bind(global.JSON);.const JSON_stringify = global.JSON.stringify.bind(global.JSON);.function hasOwnPropertyNoThrow(x, property) {.return Boolean(x) && hasOwnPrope
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources.pak
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8657690
                                                                                                                              Entropy (8bit):6.565783719566008
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:q7DB/Q9d5h3I2qd9VUtC1hhNm589CG+8bytTwU:GDB/yd5h3ydxhfw1aWtX
                                                                                                                              MD5:ECE1281ABFE1F39AECBD5250D5252403
                                                                                                                              SHA1:9F995DAEC49CDB2A3F60C93B3DBF53C6CA0941E4
                                                                                                                              SHA-256:64725EEE7BE0C64D7D034E77EE0B4A229D59A0865539C3E70CC7A534A89B5182
                                                                                                                              SHA-512:CD78A0125BB77C9DCEA4616544117789BC2D5C75D48123AC50B1AACCFD14AB43955850C155B4DD875DC34FCA813E9CC7030EDA2EE7CC71E418F384F19686FFB4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app-update.yml
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):129
                                                                                                                              Entropy (8bit):4.610330239441468
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:8trBApZAVsoBqFPEPDpSWQn1AaHNyCH5FgSHF/vn:eB2ZAVvBugDwWQnbH5aSHFn
                                                                                                                              MD5:F03239CE4B75AA0A8C59DD292A4C57E8
                                                                                                                              SHA1:0ABB6CFB6C7F3AA8737FD13896B879A8AE7AD612
                                                                                                                              SHA-256:BFE67DF05F1D711122A4DDACF45D2183BDCDB24F6463B29C93D21AE3D03B4E6D
                                                                                                                              SHA-512:4E542FEB0553BD70FD0F18DA3CB8611DAF7686CB10FCD941B41607D720D77C08F4FB79A44001D05D97902CC2C1C8255450C63415C2E6DEC86AE452222FEEB178
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: owner: SideQuestVR.repo: SideQuest.provider: github.updaterCacheDirName: sidequest-updater.publisherName:. - The Expanse VR Ltd.
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25082553
                                                                                                                              Entropy (8bit):5.603927152891419
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:f0jRmqt4O41PrAkjRmV4p2bFVNYtuVzkh7Hep89BzrUa3/u7NA+hSHh9x0nUnUJJ:Et4O41i4cvNYGUQFSFEUkXTql5soG
                                                                                                                              MD5:B00B898807021B9441021C4E173939CE
                                                                                                                              SHA1:DE4C4FA65D3D87909CE7C6368C1928D60C571ED9
                                                                                                                              SHA-256:63147ECA341AB2D99E00D84AEFABAD9C5ADEFBCED884D0715F47FA98477E2158
                                                                                                                              SHA-512:D856A9435E0581227BCA0C7E34DBB5D816E3DF42B6540306D27E79A88CD35F60B3895F104299B1A1F220A34C7147E9D497EB279931AB8DFB27A85960E27AD3DF
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              Preview: ................{"files":{"package.json":{"size":1296,"offset":"0"},"build-electron":{"files":{"app.js":{"size":35617,"offset":"1296"},"download.js":{"size":1774,"offset":"36913"},"setproperties.js":{"size":2174,"offset":"38687"},"state-storage.js":{"size":8268,"offset":"40861"},"window.js":{"size":7571,"offset":"49129"}}},"build":{"files":{"background.png":{"size":54627,"unpacked":true},"background@2x.png":{"size":148386,"unpacked":true},"entitlements.mac.plist":{"size":280,"unpacked":true},"icon.icns":{"size":184627,"unpacked":true},"icon.ico":{"size":108523,"unpacked":true},"installer.nsh":{"size":21,"unpacked":true},"installerHeader.bmp":{"size":102656,"unpacked":true},"installerSidebar.bmp":{"size":618008,"unpacked":true},"notarize.js":{"size":795,"unpacked":true},"uninstaller.nsh":{"size":333,"unpacked":true},"platform-tools":{"files":{"AdbWinApi.dll":{"size":97792,"unpacked":true},"AdbWinUsbApi.dll":{"size":62976,"unpacked":true},"NOTICE.txt":{"size":362313,"unpacked":true},"adb
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\3rdpartylicenses.txt
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:UTF-8 Unicode text, with very long lines
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):48117
                                                                                                                              Entropy (8bit):4.878417492600742
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:BTmMsOuIjNWSR0QgbzBVVvLsfZkq25QgbzBVVvLsfZkq2r/HHf4+Mtf:BTmMsOuIjNWSR0Qg3B7siq25Qg3B7siw
                                                                                                                              MD5:0B6E719EAF58E4C871534DA6FCCF80D9
                                                                                                                              SHA1:948440F82B3330AA22FF39B0F7C0251240222CC8
                                                                                                                              SHA-256:96C56A7870AD4EDD2FB9ACC713BBDCCA83A08E557B8C5A2E085C455F013977DC
                                                                                                                              SHA-512:309B2CDDF5A48818537D533A2F2B387B69D27B161D56CE2A0DEAE3F899017DB7C6D7A0B74B7F6BBF8BDE6CC461CBDEB16B278214E366929596F72639FF62170E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: @angular-devkit/build-angular.MIT.The MIT License..Copyright (c) 2017 Google, Inc...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Bold.c0f1e4a4fdfb8048c72e.woff2
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 64800, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64800
                                                                                                                              Entropy (8bit):7.996675599250547
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:1t+pVzAVViabH27uLEFar3QfQ2SINz4EaYoukFnCfxaEN0Ef:1t+VzAaabW7uLEorUQVMzu3EgENbf
                                                                                                                              MD5:C0F1E4A4FDFB8048C72E86AADB2A247D
                                                                                                                              SHA1:5A8465896222227807FF29908D8648DB510561A5
                                                                                                                              SHA-256:03B4584F80EE94497A7FC4157D534818CCAD1A554536CF49167442F711BD3870
                                                                                                                              SHA-512:5E876F06AB8538594B2ADBA59E792FB449B1A5D96CC68789030169E7770178440BE42FC3C1B10A272666571B4E6213312F0C963702BCE2240F84AACBDF20114C
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Bold.eed9aab5449cc9c8430d.woff
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format, TrueType, length 90308, version 0.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):90308
                                                                                                                              Entropy (8bit):7.995239531340083
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:GNwv6RWZIZ4TgV2pwqJO24n7YeeRzsLvfJq6MbX7odPKu1QHMiCvRs/jCqZV:GNwiWZM4TgQxQ7BeRzcv0rX7kP8srRsP
                                                                                                                              MD5:EED9AAB5449CC9C8430D7D258108F602
                                                                                                                              SHA1:E0655B6097EDDF9DF88CD194EFF08436EA086A1C
                                                                                                                              SHA-256:166FB09710C1774E70734243AE050FCF68BFB7401DFB8BBB514746BBD28304D2
                                                                                                                              SHA-512:1E6CA54849AC193138780A7171FC1B83F4F6E580D033E331F4B58973BF793C9D7B386B6EB4B00ED9686EDF27F026CCF62E41C7EB60B948F3C6FE81F9F1FAAB5B
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Light.3c37aa69cd77e6a53a06.woff2
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 64268, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64268
                                                                                                                              Entropy (8bit):7.99676386663719
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:768:5pZS2psLMvYe24e8fZXmKjfsH5p0/IWyIZ5/kqAcB6cPMDPh7oxKvfl8HXl6z7hc:5pI2rsR8fXAwgyZBkqHtPMD1pijjdX
                                                                                                                              MD5:3C37AA69CD77E6A53A067170FA8FE2E9
                                                                                                                              SHA1:F6DAAB924B79B4822DC9FAA56BBEFE1D1EFA3E42
                                                                                                                              SHA-256:ACEC38D50A6F94A303CCECAB62BD2814B6AA7753B15F55B053FD54A7D2FA1A4F
                                                                                                                              SHA-512:710584464AB3EA37B1FE10588D1580DD5C2A1E1B6F389DEDC93BFBD55323570835D832D5A31AAD215BA8B3E0F4BCDE031D053E5AFF88B53AA52A6D481726C03A
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Light.ea36cd9a0e9eee97012a.woff
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format, TrueType, length 89672, version 0.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):89672
                                                                                                                              Entropy (8bit):7.995508931842607
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:Eam/jfqeQ8Tnxuvw/ny64EkdZTRqVMeMh6X8ZUaey4Z+MEve90E4Tr0lvzn+R6cX:Eam/jCeQ8TnUv24pdJsxa6FaUh+Ekr0a
                                                                                                                              MD5:EA36CD9A0E9EEE97012A67B8A4570D7B
                                                                                                                              SHA1:C7494493F62984E2F581598739B5DD340E9E891B
                                                                                                                              SHA-256:B1AE247C0649CFDDF68D47EC63E34E4C26A8F2B9D2FCE9F4F1A908B9BC91A771
                                                                                                                              SHA-512:665301F37B91F3B484E3CCA70A9D0B7AFA40CDA17BC5FEA69BBAA816B2A8AEECB223E6281FA992CAFA5A31C9FBBE189DDA74E4FB933E3863CE2E967D2EDDF422
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Medium.1561b424aaef2f704bbd.woff2
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 65412, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65412
                                                                                                                              Entropy (8bit):7.996540581745672
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:VcmzKLeXec2TaeiZQBBILWBQMaqVnnPveakonA59:CI6c2bgWpTJnPveak3
                                                                                                                              MD5:1561B424AAEF2F704BBD89155B3CE514
                                                                                                                              SHA1:7C512E2EBDDD4DBD08D0F7BFB5B772501F707078
                                                                                                                              SHA-256:C013C361FCB111A48C09D8B748A866E5871E992754FA4E927F2C92F4E5D2A850
                                                                                                                              SHA-512:C2904300C1C1B12F143CB300E84FBD7C825BDBF3B92D3355EFC02FD752AA05CC9A2D1EC714A31FE3EB876A3DDE463E0395D3E6831E04AB72A493B262F6B5ED85
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Medium.cf4d60bc0b1d4b231408.woff
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format, TrueType, length 90560, version 0.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):90560
                                                                                                                              Entropy (8bit):7.995743000729814
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:KqC9KpYbZ9aEv2hQ1wzze2kbqKy+c6xldjRtMR7U4ap6SCpHMiCvRs/jCqZV:KqC9x9akt16e3uKy+cmRtMR7UFp6SwsK
                                                                                                                              MD5:CF4D60BC0B1D4B2314085919A00E1724
                                                                                                                              SHA1:B17BD60107C9EC0FD8C58A9E1FD222DA7F1B99F4
                                                                                                                              SHA-256:ADC00A50646F1C1D13A5E8FDA923A27764AB675380EC4FFB0932942ADE2C209A
                                                                                                                              SHA-512:5C50975116364E37D4E75E92C00A74A5B2322221B5CEB9E162251138750FE1CB5D5943E3D8ABD19D32D5C23D6A901521B8C366BAE33CDB8E762FBF13228D2AA2
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Regular.3cf6adf61054c328b1b0.woff
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format, TrueType, length 89828, version 0.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):89828
                                                                                                                              Entropy (8bit):7.99515691459552
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:JO3Is07uHYW1+cypzbokaJSRKAjTyleAhAw7vsUC3UlEau9MTr0lvzn+R6cnjCqT:JO3Is0q4W4cyBbokv0fTA3uFr0lbWPT
                                                                                                                              MD5:3CF6ADF61054C328B1B0DDCD8F9CE24D
                                                                                                                              SHA1:6CFB2A5EB3A601BA450DDA2D80BACEF26C5BA873
                                                                                                                              SHA-256:14A2B59CBC2E03F9325D4AF6681AB0781D71048A586AE90236A4A8C013C63B45
                                                                                                                              SHA-512:B8EF03FF5735387AD8C6D6CCEBAC75C8874307A28AF837D966DA307A54DA90F47E603C5B768936983CB22904CE8276F86005D0319BDA102686B582252B4C90ED
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Regular.5136cbe62a63604402f2.woff2
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 64832, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64832
                                                                                                                              Entropy (8bit):7.996573469517809
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:ZuJ5srt5xxObijFyZ/ZmKnkijMi+5ZMhGfzCr+oMg2Hf+Td0N:U5GkbeFyZ/ZZkiMi+5ZMgfu+oMg2Hf+0
                                                                                                                              MD5:5136CBE62A63604402F2FEDB97F246F8
                                                                                                                              SHA1:C193DEAA915E7183828400922700567900FB6CC3
                                                                                                                              SHA-256:02A7CD67C545041654AF047F04CE327F2DF086386EAB421ADC16269010C50365
                                                                                                                              SHA-512:0C2E0F6F5D6938CCBDCDD56F8DAE7A3E6B845D63D3C6152C69331779DEA87313D100380A6AE2C4A672B5BB53569C82F663D11B9C6D650E05736B8F883B97DA06
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Thin.1f35e6a11d27d2e10d28.woff2
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 63056, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):63056
                                                                                                                              Entropy (8bit):7.996349957112853
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:du/nyfSBYUysAuOcifGdHh95I5spBnr0UPiO20TwHs+X5:A0SBYUadG1tIaL0a7Za5
                                                                                                                              MD5:1F35E6A11D27D2E10D28946D42332DC5
                                                                                                                              SHA1:C321AEB611CF1DCB25717484A4CED717D8CA76FA
                                                                                                                              SHA-256:F72697A71FCA2E477282CED1CCF5A95803AABDE0AB649A00BD1BF6EFB516DA76
                                                                                                                              SHA-512:F78D8FC0980CC6809949A5F16F64C9C921D70B65F19C11E717D7B0280DE0C95923B20B0622C6CC83B30FA8D7CCC515F8DA63F4AF1F8D4595B68CD7F7763AB16F
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\Roboto-Thin.44b78f142603eb69f593.woff
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Web Open Font Format, TrueType, length 88132, version 0.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):88132
                                                                                                                              Entropy (8bit):7.994908715221474
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:4dc2sqaa4sQUwH0SXBRiaI+uqXrmiHIA1EZuSEUQHvzRpv6Xe1+uOTRWQZys5A7p:4ujFsQUwH0iRrpX9H5EZuvHLRpv6O1+A
                                                                                                                              MD5:44B78F142603EB69F593ED4002ED7A4A
                                                                                                                              SHA1:CB8F61464F349AF887BA96F6A2AE1E318B3CC8D9
                                                                                                                              SHA-256:33E42B84471D63E1C58993D387E1946E57FB6B8FF8F25C97BFA73DC7E600F083
                                                                                                                              SHA-512:2B23F3E4CE1B9BE6FC13145B966BA55877D3E4379C772D4FDC686B0563C4736743DD13FE50918A43F2C91D38BF758F2127A36BAADBA7F6B9D9DFD29A36256547
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\TopBack.945625bb1bad519c66d7.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 2048 x 615, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):523830
                                                                                                                              Entropy (8bit):7.9921726939998585
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:12288:qAR1GJc+YoDZLEZaCypjL1npju1i7nmJeXAvsS5OwfaH92WSfjM:qJW+JDZLsyplMi7twvsulyUvQ
                                                                                                                              MD5:945625BB1BAD519C66D7C430E5F10F98
                                                                                                                              SHA1:F79680B418AFB772A78703577F16434B18E488A2
                                                                                                                              SHA-256:3D946A4466F2713B58A217E3B7E3463F7EB19AC9D498C65E107C63AD0D602616
                                                                                                                              SHA-512:0C4B3F82247593241E52D68B33937CAA059255EBC8F6355A8392C9346728AEE24FDC70434FC72F81B2D2555F9CECECE698D2FE42EBD69F81CFD815ADF4BF24F3
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\ADB Drivers.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 977 x 447, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30024
                                                                                                                              Entropy (8bit):7.87959369860346
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:ObBIVpi5En/gKgeGAjP2cUc5qv8+nbhuRMKRpyBnDZdx3a22kGQvC2Bl17zE1vsS:jvi+/gKgGq8+VybpyDdx37kQ6iy1e+
                                                                                                                              MD5:29C5BEFA44A27F40470E6FF86693F151
                                                                                                                              SHA1:1341BF6B37289A74868DB4F314AF4C6CFE7C917C
                                                                                                                              SHA-256:0097313CDBF1E3AE0249386C482F8BEDCB8DF1117776B1533ED9979242661B30
                                                                                                                              SHA-512:3194E0CF043C76CA0AE08E7C4A32F399CD69EFB8C57D9D3DF5F2A5865FB0FC5FEAA7158341ADDE40BF36B15DAE31917BD72ACFB077C9E50DBD3191C7C706AB8E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\BeastSaber-LogoW.webp
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1626
                                                                                                                              Entropy (8bit):7.851464343759964
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:DFivd8tLlk9Dn9D7Rx8pXtBR3+gjn3G/ajopq5FIcA:guc9/R6ptugj3G/a/5FIcA
                                                                                                                              MD5:3170BA20ADE97751F66865B7CF7A3AC4
                                                                                                                              SHA1:116406E09355A286AC4ADAEFB6CB279AE357920E
                                                                                                                              SHA-256:D64F77DE08371934F98DE8DDBF29280F0E89578E133AA73BFB9669C8EB4E357F
                                                                                                                              SHA-512:023356F8C4F7FDF8405DE4F105328FAFAFDA1DE2C8AA6BF5F153409BF08100C3BEF8412F13026EBFA6D3319CAE10282B7D47963DBA33EF0210A09A3CD0FC9FEF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\CreateOrganisation.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 626 x 183, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6167
                                                                                                                              Entropy (8bit):7.836068778413461
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:npnkHIgQ/+Oppp93hR/Pjd0a1rHtApisXTppppppppDP:pnkHIgQ/33hRn2cK84fP
                                                                                                                              MD5:6F471514AA25ED79142D47E8FB3C49B6
                                                                                                                              SHA1:6B2CAF383BE9D89386AEEB75CE97B8EB8BDD38DE
                                                                                                                              SHA-256:82FBE6A602A197BA2D8C7BBF8C657068927B41E0BF854490675DB28DA9CD19FF
                                                                                                                              SHA-512:32E98F1A6DC795F167172971A420E7476475D7319141A1C1A2B88179D90B1CCCBC5706777427C03AB6836233BD76FD228257F9ADD4820D13D6055DB49378C490
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\OculusAppDevModeSteps.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 2430 x 1758, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):544909
                                                                                                                              Entropy (8bit):7.945303542960981
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:I1hWSdtksZjNQHrPJhDZ8nPqf61N25bQXTWQO4UdmP:gzdtks9ifMPqEN25bQqQO3k
                                                                                                                              MD5:2E03837A9C30ECC9DFCFA92DCF0D73B5
                                                                                                                              SHA1:E4D763B9DAB4A4816B81DAB88F830D6E1B4E3687
                                                                                                                              SHA-256:6B645053D5A0E3E5A529B535C1992DEE5CF3CD731D54BEB8E8A2E5A5FDB50AC7
                                                                                                                              SHA-512:E703123FACB56375E99055E46513CCC7C0948E464E2D73A0FF4F11F08C451130F30F2E46CA82A1AA02095FEBDDA71AEC600206747AA84104C746DA720D173AED
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: .PNG........IHDR...~.........l.(.....pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)" xmp:CreateDate="2018-12-07T13:57:38Z" xmp:ModifyDate="2018-12-07T14:51:02Z" xmp:MetadataDate="2018-12-07T14:51:02Z" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:096fa0c5-f95c-0743-86a1-51f1629ca900" xmpMM:DocumentID="adobe:docid:photoshop:1598d75d-8512-6145-aa4c-c7a23ed9e132" xmpMM:Origin
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\OculusDashboardDeveloperCreate.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 788 x 332, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18468
                                                                                                                              Entropy (8bit):7.8119202564168955
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:6Nn/MlrFx5G7awgDMjt0/TIH7VemMrummmrummeLOm9/6Oovph7WKJSaVnlSD73+:6N/MVLwgU2f6mmm6mmw7ovph7WKMaVl/
                                                                                                                              MD5:7BCBFC3566703A5A7B56EE4DD6745D57
                                                                                                                              SHA1:C04E9F85D371DD81A45E8D0DBE81FE80A7EC9772
                                                                                                                              SHA-256:82EF44B5880FA1C3A8CA88FC59D5F8A0307CE4F9B82B7E29E738F64D4F6B45C2
                                                                                                                              SHA-512:DCDF8461466A881473F6028730A7481060312E5D9BF8D00C0631773C940B935285A29F9DF0DD0C1D891FCC5712EB6663DEBAF455CEBED7D62D9E4B4B54BB6435
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\Synth.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):78114
                                                                                                                              Entropy (8bit):7.990940462916688
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1536:U2of9g9jXmy3uYV82prWJRNmC/WPy5paaQGh4DepNPvs:xoVijW4V829WJRNmC+Py5QGhea0
                                                                                                                              MD5:48585FE1CB54183EBE5FB5496C25BC0B
                                                                                                                              SHA1:AC7A4933A29DFC47B35EF762F6E8AB1DA420BAB2
                                                                                                                              SHA-256:3EF59A083913177EBC0E2A68002482A98B3729824E4E4A79BBC7D19A00B2714D
                                                                                                                              SHA-512:70B8D2591641DC05AFE2361934DC5E5B0FACD11131E4A0BB9549C7A0AD90EE41D2AAAA0D9B70C285EC4DEA8BF2916169442629FB9A327B22543B3DE22E513FF4
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\TopBack.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 2048 x 615, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):523830
                                                                                                                              Entropy (8bit):7.9921726939998585
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:12288:qAR1GJc+YoDZLEZaCypjL1npju1i7nmJeXAvsS5OwfaH92WSfjM:qJW+JDZLsyplMi7twvsulyUvQ
                                                                                                                              MD5:945625BB1BAD519C66D7C430E5F10F98
                                                                                                                              SHA1:F79680B418AFB772A78703577F16434B18E488A2
                                                                                                                              SHA-256:3D946A4466F2713B58A217E3B7E3463F7EB19AC9D498C65E107C63AD0D602616
                                                                                                                              SHA-512:0C4B3F82247593241E52D68B33937CAA059255EBC8F6355A8392C9346728AEE24FDC70434FC72F81B2D2555F9CECECE698D2FE42EBD69F81CFD815ADF4BF24F3
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\VRtous.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18662
                                                                                                                              Entropy (8bit):7.976123564738141
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:+JXE05fOy/IJymBeMQGP2oHBVacZq5xZZX5:+35fbOBezGdug4HZJ
                                                                                                                              MD5:56697008E46E7ED6F114824BAB40F800
                                                                                                                              SHA1:0D2F5F891D20A84F7063578CCE09C3EBC020C125
                                                                                                                              SHA-256:4487D0C5EDF84CA9F25E14C34AF4273489E09250873F9CC3C6781F8D078FA963
                                                                                                                              SHA-512:37A55F988DC21BA63F1BA6772A43BD062F160A8811B2E69643317A73684C1537161C92744E288FB44A2E4D6144F53480BB382EC52FDF7A35001AFF49B379C008
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\allow-auth.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 544 x 230, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34783
                                                                                                                              Entropy (8bit):7.984048132819587
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:435FYtpsC85sIoTjNfh8+/j7/fh8syr/ICLqHd5s:CYX603NfWSJpyrAjs
                                                                                                                              MD5:32A54402AFB19D92D8E702AF182719BD
                                                                                                                              SHA1:9478F63EE437ADDA86150CED726016C6A53D548C
                                                                                                                              SHA-256:D5504CC28600F0B3409D645061C0F1A89A0D7E185C1C2587E00AB146B6D3F213
                                                                                                                              SHA-512:5403BA550C9C36F378731F95855B344809A1EA0DA854F8119F453023A1A178DAC39E723A02D94674F2801A077AB8D1BEA0B30CFAD3F6A864F9A03C474FB03DCE
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\app-icon.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 589 x 580, 8-bit colormap, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):77916
                                                                                                                              Entropy (8bit):7.967160965276633
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:6umdOC376zYJvSyIkrAiNvPFF6t72puO2aHdHCR:6Ld7376yvSyIoAiJTJdU
                                                                                                                              MD5:54A587CA3CB465A2039B744F76978452
                                                                                                                              SHA1:3E51EF859BF3B2ECDF32DB84EA57078165BA169A
                                                                                                                              SHA-256:EBFF836F12E25C030A70DDA90DF319ED271842BA8DBA8E4B49344FD03AA5DE93
                                                                                                                              SHA-512:553B879F86BF825289E98F540773556480911B4EB2F380E269CF8381311B37E7E434FA62B2CF6395736D499305A85DB5D939B23EE5981106BBD13ED54AC34A49
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\beatoff.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7116
                                                                                                                              Entropy (8bit):7.926298089060091
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:lS0tKg9E05TOnrYSQZgsS2ay9fqj8jfovQ9Tq:DXE05CrYSQnla2fqj8jfWQVq
                                                                                                                              MD5:A4AF76ED3642088B6A4085CD304D3F6E
                                                                                                                              SHA1:56414A6E7A543AE5D18A4B17B9630A90E22DECE4
                                                                                                                              SHA-256:65322FE0EF74B54B9FFC8D2766DDFBC7DC7D8041FB613CADD243B7F434C0F37B
                                                                                                                              SHA-512:1AACDA60DF60F039ACD88C836432D56F16374C11068167DFFE741E2F391BE763D43CD87236F92D131D30366B6C03B7114438CD5B4FC6A007514D8C7F4AB67044
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\beaton.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7272
                                                                                                                              Entropy (8bit):7.942476189040639
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:lS0tKg9E05TRTOSunBsph2kqD8Zh0ZD3NR9rqZ:DXE05VWBKIL8Zh0ZD3l+Z
                                                                                                                              MD5:0AD703D8E01A5E2AE3E64600468316BC
                                                                                                                              SHA1:E989A7DF241B889952C2954D91D24508869D7D25
                                                                                                                              SHA-256:B539B2176460956D4C725ED7EFC98A6E786AD3E9F42C18A0F6B5F2C207097191
                                                                                                                              SHA-512:4EE1DE9103B84DD800A3976A65024202C03FA96C44E0D5DAAAA75DF7FF08CB2B5606D9510CC87DFC1FC86192DD8FB90377C74074F03E324C4F2C425410023573
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\beatonlogo.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 550 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13510
                                                                                                                              Entropy (8bit):7.962782711664799
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:JLAT5ofRcuSsr2imLzsIqYpB5o5IcvqWXaj8Of+KlXXcGazTKKmxXfUpcCy6i3DU:Js5eRcY7qzpqY/5odM+KlXXvaICyjTte
                                                                                                                              MD5:6C1A8C36D9FD1DF75FAE8987BBB033D2
                                                                                                                              SHA1:A7859EAEDF5B0F392F79CC8C8132165374CC065F
                                                                                                                              SHA-256:49D3BC591122DA4B2FEFB1950FB49A961421446E4CD2CDD8163AEF0F48A54003
                                                                                                                              SHA-512:5300757407993E4A8F78859E97E6C8820DB403ECC10881A8FB760145DD19FC194DAFB1C9C5ED00B43414662F632C354C70EB7EF1A0CA8EF6119D9217E770D2A5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\bg-header.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 2440 x 160, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32701
                                                                                                                              Entropy (8bit):7.85934760633208
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:b35L9aa0+tc72c92prLB4uAsoSCSWdwQDjF2Ypk4:t8zJurOuAsoSTW6Qy4
                                                                                                                              MD5:296B3C6BB7D256316B7B930653DD3CE3
                                                                                                                              SHA1:98B71551410987D5520A55E7159774942C79BCB2
                                                                                                                              SHA-256:FCB3C240093A373E0E787837E6A2A532440A58A1BBF6FE5892D8995EE9FD5B5D
                                                                                                                              SHA-512:F2FF7183769E9EDB39ED835CB8FDA521A941866DE24B1895A7261C9E69F436749C3E00EA6E8F2C32FFFAD8716D04F9C797594B60A794052B94598A0A94FE048D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\bigman.gif
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:GIF image data, version 89a, 656 x 368
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2855261
                                                                                                                              Entropy (8bit):7.948989934696355
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:y5Eblu93NIw539MDzqsd5rYx+heu0VmdjB9QzJ7JpdeIWYbWlyAjUz:DbYwn+2++w6B9Qt7JpgIteyAYz
                                                                                                                              MD5:241595ACC968042E53998223F0AFDC8D
                                                                                                                              SHA1:31D94F7A8FD0F0AE52FB0DC142F6819B96924E40
                                                                                                                              SHA-256:277725F913F3A5325B8B2FDB91BB3FBF5E7D63032F5B7B3584AA66AA9BFA72FA
                                                                                                                              SHA-512:92289B8F3562BB13DD56C237F35EF5DF16719A5F75286AE1ADA45755632467BB8CA487EB44A98F8AF4E03A900F1FEB8F17058CD20860091C22950E522F30FFF6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\bsaber.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):31249
                                                                                                                              Entropy (8bit):7.971140649978162
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:Q35IqDX+IQt0AH8hy/cFbIRoXKky2nJ7uyU0we4g:aDX+I4US4J6p2Jay/z
                                                                                                                              MD5:7AFA1307532D65D5A17B45E441F4139D
                                                                                                                              SHA1:CD2BF25BEF1E5E756792128FE83FAA7F50F6B75D
                                                                                                                              SHA-256:0220637D0F205072EE906941F3E004B8DA9C4D72F3FC7CE85A3D75A6C646C4D4
                                                                                                                              SHA-512:706A8E016EE1218102645C268BBCBB47B5AABC6DC8085C3A3EE1B7BBC23ED259A7EC6E8284033500F1F5BD66A3625AE29FBC40F54C0B65A8A994199AA96DD872
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\default-cover.jpg
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS2 Windows, datetime=2019:09:05 21:00:14], progressive, precision 8, 1200x160, frames 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):42134
                                                                                                                              Entropy (8bit):6.322540465990489
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:0DU53o5YNg7uB3jqMx8M5XHD+gaAIpmciVZtYwq2pBpikpfkBtuDyV8t8:0DL5YymG+8M5XH6gabUSwZU0Dyut8
                                                                                                                              MD5:9D4D717B1C9EDEB657CE2117239CE28C
                                                                                                                              SHA1:887C9E2E4A143A5C5830E8A8760FB68981FD5245
                                                                                                                              SHA-256:06E33507CB541E795D3C58134E24BD702FFB65FFBEC678DD3F2AC1D38EA2F043
                                                                                                                              SHA-512:53C9FEBDA480CCB5ADB5622FC6996F08C08ED49ADD55CE4D86F7BF2CB85713831B20756EFE2EE1C334F9A918CFA4CAD013998831C4DD3E95C749139D2DCD7EF3
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\default-pack-cover.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1225943
                                                                                                                              Entropy (8bit):7.881196420710676
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:u75mFpkkLtDWIUp6EmHahVSNMf5yqZtJHpEkZ000Hb1wPxS:u7ALkkhDlUthV0UEkZ0Fb+pS
                                                                                                                              MD5:47CDF7837424248613B15F8C304D2012
                                                                                                                              SHA1:E9F407ED7F4364FE295E2B5ADB6CD8EC2B12EF67
                                                                                                                              SHA-256:313E1219E6C85BB5904C655788D9B89C9169250FF67ECA973CFDCA06C85F5DCC
                                                                                                                              SHA-512:79C4B1BF6F8E4ABCDE15E00A394A657752A29049898288176C3753075830D576213E48AF5FAB5805F00C1492076819CFAB50A68627C0CFFC0D8DAA42E0191616
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\logo-large icony.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 1440 x 1440, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):297698
                                                                                                                              Entropy (8bit):7.974834720355257
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:cxKdqrpTyuhDOmt583r7vtMd7CLQynDAXHMxJ6NjuH+HyJ2YBxulf+QGL/X:cQdqrBFhxK7VhZDU2cNitkYBxux4LX
                                                                                                                              MD5:02D2EE2AA1DEC02BFB1EBA9570F69F74
                                                                                                                              SHA1:FF5A9D98D3F32E8109CC06B2B15C176C48AC7077
                                                                                                                              SHA-256:EAEB388958B306127B7009EF9403F937B9A8ADAE641A93C0EA02459076999DE2
                                                                                                                              SHA-512:6679F2BAFA88FB68D35EFCCEADF5BE196500620174816E301065CC6F48449A5880B3F2C2B078BF77CC764E798805FEFD0FE0190D581B814D82FA8488D977E1AD
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\logo-textual.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 2813 x 690, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):63148
                                                                                                                              Entropy (8bit):7.844005914874592
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:owUf11iQyK6JaoqvIyYkViPtM5UhiyNng8ufbWo:0eQyFaHrfB6ng3L
                                                                                                                              MD5:D172F4F4C6C9ACB6AC5448EFADA68DCE
                                                                                                                              SHA1:6C9A5AE8521C55C3DBF395FE37BC4108E346B0E3
                                                                                                                              SHA-256:FD35B4072DFE6A512BD08F141B6D4B37CE57983C0C4115589615542F8EFC5AA4
                                                                                                                              SHA-512:7F943657C9B539165CEFBBE18FA589293A9392DB400BB1167EE7FF63B49B4F45E1E1971DAED436A10408A31F409A12EC9B5BE34EB1AD3ACCB02192A60B9331BE
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\logo.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 639 x 650, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):93152
                                                                                                                              Entropy (8bit):7.978780983046614
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:05cldcBb2WI67f9RplDBrtMTCVZ4aaDtjybFOcBRP1j5ARxqc12vC+Y:3bcBJI6d5pfWDtjMFOczbARxSvCn
                                                                                                                              MD5:25040944D12F45F1B31A14E3761D62BB
                                                                                                                              SHA1:927A4A1E2EF7763FEC5C28BB146B556AED7ADFDF
                                                                                                                              SHA-256:BD1D18DD605AACB26D04F6D5E9DCE6AF9F637FB6EC8F732162F65259E8BF6C9F
                                                                                                                              SHA-512:60036FBC748DA2810E47BAFA7F7C4762F5060A0DD5B3956925CD650418CCB39671F0A30E4423484EA2D456331E7FEA138B692346E01AC60D70E32B27A651CEBF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\new-logo.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 464 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5642
                                                                                                                              Entropy (8bit):7.920051206583433
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:gz/S+ZC2l6YCbL8bQDoOt3zMzQSNj4cZVmol/gjyaWWjHzLYYD1:gz6gCXYWDnuzvNEcqolV0TU61
                                                                                                                              MD5:F22837C59C984A95DE3311ECDBE1144E
                                                                                                                              SHA1:5AC40648767A34A7C8618FF889A86CAC17207B64
                                                                                                                              SHA-256:893C78D4059E16493959BC3D9F2432452ED1511358DA8BCD3BDC9493F0C751AA
                                                                                                                              SHA-512:F5B32BDB6DF2A10143C007DE1529B7BCC35492D8CD7F31C10655309FAE567B6E4CDE09F8DC42C2A4C4E4AE237817C0DE946B920722278DECD79238A92EB6F93C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\papyrus.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 400 x 400, 4-bit colormap, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):23257
                                                                                                                              Entropy (8bit):7.933702418068786
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:aNYe/s9OpRKk6X6ul9zaIE6kjKkJmoaqUoOsWMLbQ:4Ye/wOpR/KRNEgkJmoadXZ
                                                                                                                              MD5:608AB5FE4A45E2AC93FEBD3416B260F0
                                                                                                                              SHA1:6C7EDC008088195CE2E7DDEA84711B46D9E1DDA5
                                                                                                                              SHA-256:872D1C632A2411CD74430A525E538F4348FE0E8307FFB9010282A82A957D4A2C
                                                                                                                              SHA-512:7724782E0312E3C5B6263C824E8AEB00FEAA0EA262C9AB339594D0FF539DEEE122662B0D5D06038E40EB8EDB47A3F429D15367777AF0D23C87EC307FAC1C6BD7
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\score-logo.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34415
                                                                                                                              Entropy (8bit):7.933328398447777
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:m35yZfIlkpT2nqzmZ2SJm3xuMP0wEGo3fZNqwCflqIqDBrQ9HdjMM/Zs9l:ZZglkpT2JEAmhuMcio3fnqDfCFrQbjMR
                                                                                                                              MD5:F1349579AD253C54B26F45CC522C646E
                                                                                                                              SHA1:FDF35749A9FB8D1ABEBB0A8284AB2F20CE902C42
                                                                                                                              SHA-256:2CDFD2E0C6CEF0180A97D5833B2B66F161D7E41D553C83C582EFFFF365820218
                                                                                                                              SHA-512:01E4C30D2720525925D9E08C529D55743518334B68F250485F0C861CF23A9D58E3353F554A775941C779630AA2CE900ADAEDA99776EDD8D213E59F7C1FA43E28
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\images\song-beater.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14796
                                                                                                                              Entropy (8bit):7.980841891156172
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:+JXE05PK0v3+FOTcX/SoCCGw3sSg8TtPiiVZrzGz6iLOu91:+35PKvPtCCGwcPfSrzGz6mOy
                                                                                                                              MD5:E2F43BA5DA3F962FBAEDA6C29F3834CA
                                                                                                                              SHA1:2FAB81C30992CB8FDD387DBFA270D6B963301426
                                                                                                                              SHA-256:A0B06D2B6ED0774FCDD9D0B18AFA9BD0EA6E7950444DC2BC1D0436BB5AA21199
                                                                                                                              SHA-512:0A8C97800F3904B25C86B8D479987FACAB6D866EA48AAADEBCCF1A07484FCF3E7A9E9441207B03B0398D26E08A008BAAB3DB8FFFDDE4D0282DE9132C5921550B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\assets\sources.txt
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2
                                                                                                                              Entropy (8bit):1.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:y:y
                                                                                                                              MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                              SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                              SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                              SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: ..
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\favicon.ico
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5430
                                                                                                                              Entropy (8bit):3.9611962366075426
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:uDIe4wYtkm7IZtIBIIIjIIfIII1II+ICQB1/I7IItIIIIHIIIIIIVzIIIIIIIIsA:noW8f9Uh4k/+
                                                                                                                              MD5:B9AA7C338693424AAE99599BEC875B5F
                                                                                                                              SHA1:84161B857F5C547E3699DDFBFFC6D8D737542E01
                                                                                                                              SHA-256:B9CCBB7100E13AE95AC18A3A9ED00857F321B63B498F1FB7ABAB506FC1C40E99
                                                                                                                              SHA-512:76DCE21F4D1E0833771830475A3114B73C39EDEACE26E664FCEB2797AD84616E6BDE4B34078A66281312596C494DFF8A30E62BD20BC1D9F4AB0D12A4834076D5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\index.html
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):895
                                                                                                                              Entropy (8bit):5.155904946544564
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:qTWEhb9F9MFjNCi2NUaV0Xi2N7ad8b/POWYqcORlrYnCGSzFpmABjMzFLKizeRz3:0WSQEX0FxWKxY4X2CXppmEMpLKi0ibO
                                                                                                                              MD5:31A580712CD628FCC789774614A287D5
                                                                                                                              SHA1:53AF8B1169BE1D8DE96CB594998AB9E8B3E408D9
                                                                                                                              SHA-256:E77EAFE9E10C4E37C37795017FB9498313DEFD62EAE0A161C9B8F3FB7893EEFE
                                                                                                                              SHA-512:A176DA56D2F7EF5BF5B0502A06EFC986F080E0865E6A8E8ACD5A727134A0E6D708375CD443FBC68F9DBFF43B928315D22F85E31FFB36832A89C8D5425C9E41A9
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: <!doctype html>..<html lang="en">..<head>.. <meta charset="utf-8">.. <title>SideQuest</title>.. <base href="./">.... <meta name="viewport" content="width=device-width, initial-scale=1">.. <link rel="icon" type="image/x-icon" href="favicon.ico">.. <link href="https://fonts.googleapis.com/css?family=PT+Sans|Roboto" rel="stylesheet" />.. <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" />..<link rel="stylesheet" href="styles.040f1cb447270a201972.css"></head>..<body>.. <app-root class="full-height"></app-root>..<script src="runtime.0f137e655adc0dd0db94.js" defer></script><script src="polyfills-es5.23ea7d956cbd3df943ed.js" nomodule defer></script><script src="polyfills.2313d45a56e869b03fc1.js" defer></script><script src="scripts.f9985651d5cc4ae2a2ed.js" defer></script><script src="main.63f69b226af33b3322ae.js" defer></script></body>..</html>..
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\main.63f69b226af33b3322ae.js
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):867477
                                                                                                                              Entropy (8bit):5.335536725966103
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:TA16dMxVf+f0R3jxUNbPsq2/0rIg04NdOU8SqbFpzHxw+8HlR+4TyvWqkC2wmX9T:9oJ1jEtUkqb/zRAlYW5CZmX9i+VjQxE
                                                                                                                              MD5:FC930DBB0E4491769CC1E33AC2C59767
                                                                                                                              SHA1:6AB67724051217BA459442199DCD75770E8D83DC
                                                                                                                              SHA-256:193BCE3CDEC97E3D25E8918B5B494BDE54E085901ACC1E341C79B82D1B04D25E
                                                                                                                              SHA-512:CC892AF7A7B6FAC5BF89BCB529870C269848C819849A5ECE04A74EDAF67689C5C8459C2FEC54A09E818F4BF761651F2C10D42A38B1B75209C0661025F91E6C82
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\polyfills-es5.23ea7d956cbd3df943ed.js
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with NEL line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):260948
                                                                                                                              Entropy (8bit):5.330141721486753
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:HTArC3U3gZwFh5xRp/XkYVl6+jcbfj+Z+nb0ykSrwmHC5Ivx:kO3epp/Xt6+Ab0v46Ivx
                                                                                                                              MD5:2CE1B3229FB19FE9EF684308C20F6EC3
                                                                                                                              SHA1:B1CCF6432A3100C447EDB8D7E613A28EE033BEF3
                                                                                                                              SHA-256:8D01E755F4863F9404A46BF5DF2C4D3D5CA58690F04CA8C1CE0FA3BAAD307A41
                                                                                                                              SHA-512:74DEF912CFA6082BA7A4793A3A6F1ED2FFCB846A570BCA5A592ACDC6758079BFE7FE23C4420A1280C604021067FA37362AE09004D3937B4633D6BBCB3CC9885E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\polyfills.2313d45a56e869b03fc1.js
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):179503
                                                                                                                              Entropy (8bit):5.297835366937642
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:U2VDXS6PeQTN5yk0edAOq1wAQWAhwKxGIxoJsvo:TVDXMQxsk08A3TlAPoJsvo
                                                                                                                              MD5:356A7D181B89F9FF1C8A48CF7A59F252
                                                                                                                              SHA1:0B82FF59A73BC6ABF4564A17AD1C51B4B8F3835A
                                                                                                                              SHA-256:104A09FAC04A41BD66D4E19A3947E3D08B5B8139CFC9B7C124C1FDE8C9EEE3DD
                                                                                                                              SHA-512:496A02E4BDF14084C59CD25D63E1538F1A9237A6DD2FAEFBEBBB527F11DAA0955F102DB4381C09D0343B028CEB8A76181A547A5E380E6EB2363F0F760F4D4D68
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\runtime.0f137e655adc0dd0db94.js
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1485
                                                                                                                              Entropy (8bit):5.142774489176319
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:ExkffRGjM7LGrYRS7zsQCBm3lBmGa0BTLWwMWiB/azfIvJks8Df:EWRIDY8QQuKTLWnBeYks8L
                                                                                                                              MD5:1244D3F2F28ECC6619157927ACA95200
                                                                                                                              SHA1:A9AAFCF49F49145093FC831EFD9B8E2F6C71BB9C
                                                                                                                              SHA-256:6C5ACBB82A46A4971660F65131241DFFCC28828F4DBD76B8EC7BAB0B468250F8
                                                                                                                              SHA-512:3686AFB82F76DA09848C154CCB79A5213DC67698763412E526216FBCE17A94BD0B1762DA3627677B3EE97A05CDC837739FDC4DBDC08B13FBD50CBB0FB9A0B512
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\score-logo.f1349579ad253c54b26f.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34415
                                                                                                                              Entropy (8bit):7.933328398447777
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:m35yZfIlkpT2nqzmZ2SJm3xuMP0wEGo3fZNqwCflqIqDBrQ9HdjMM/Zs9l:ZZglkpT2JEAmhuMcio3fnqDfCFrQbjMR
                                                                                                                              MD5:F1349579AD253C54B26F45CC522C646E
                                                                                                                              SHA1:FDF35749A9FB8D1ABEBB0A8284AB2F20CE902C42
                                                                                                                              SHA-256:2CDFD2E0C6CEF0180A97D5833B2B66F161D7E41D553C83C582EFFFF365820218
                                                                                                                              SHA-512:01E4C30D2720525925D9E08C529D55743518334B68F250485F0C861CF23A9D58E3353F554A775941C779630AA2CE900ADAEDA99776EDD8D213E59F7C1FA43E28
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\scripts.f9985651d5cc4ae2a2ed.js
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):262004
                                                                                                                              Entropy (8bit):5.306274658114229
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:zU9tEQfwXNqPlvkPlXRpF+q7RxcGSfZGVq93I92l/49sPLGP4oyLTzFi+19XjYor:zU9KuwXNavElXZ4zhGVJYpgt+sm
                                                                                                                              MD5:18BC9D824147F00AC04E21AF126F18B0
                                                                                                                              SHA1:ABDBEB397EA36626F06017463A2350198A2263F3
                                                                                                                              SHA-256:D381FDF8977748A5B5F8CACCA2676D69FCFBA5AE9D03C84FD190DABA65399276
                                                                                                                              SHA-512:D9F29AF18E36D691A7AAE8E9F4E7AE307C63292BEAFC58AD73E36AA275036601B3CAE4A8C21EA6F364739CEDDD9157A12CB3ACBEB805E0877392175DA13AA7FF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\app\styles.040f1cb447270a201972.css
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):130601
                                                                                                                              Entropy (8bit):5.143173832904799
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:qSz1s3zpYFFSS52ze8hbUPFCMlDyeb9JrkjZDqCQfNHcjioi120UNOAyepm:qSz10pYF0S54e8hbgJFHr2yXacAyec
                                                                                                                              MD5:90BBC4CF9C6A86239B6FA72FC61B8546
                                                                                                                              SHA1:B9B473CAEEC9E262E70D40BC1E2CBF4B6BD95883
                                                                                                                              SHA-256:059CDAF28DAF260CFF8DA25282810CEC5E621F41A4DFC7E4D4958C48CC0032C6
                                                                                                                              SHA-512:8179C639258CCE929414D9BCA8BE980639F66A141275636766618BE04AAEACA95C049FA22DB01A0F327B5A845DF158FCDAF3AED653DEF982984B087130558605
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\background.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 540 x 380, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):54627
                                                                                                                              Entropy (8bit):7.9852529910298795
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Du7VTMcp7OfVTBoH3q0koxkqd7k1RA93iMrj:D3fVTB83gS7k1+iMn
                                                                                                                              MD5:0399EF80EF453972E5463538DB3B65D2
                                                                                                                              SHA1:EA9B9ADE1F0EB4F865583F859E6CD08774FE4304
                                                                                                                              SHA-256:E3F17EB4E3E22214C8B8A4BE314D2267DE08C4678C3AB9AE8798720E39F4DE88
                                                                                                                              SHA-512:7BE0DE52571E18A7314A203176B3C1B9EE5B7900E6DBA08D41AA1BDD4A647313F6F317B9A3A035E938D8188401A1DCE8D8962DC4D6B43B7B1EEF6A08598E92BF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\background@2x.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 1080 x 760, 8-bit/color RGB, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):148386
                                                                                                                              Entropy (8bit):7.989251695624436
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:Ict0zJe50jhnRnnumdcji3rDo0u28woLIefBnYG2E7D2IDftgmJ3keE+:snnumdvM/28wUIqBnJJ1RBkeE+
                                                                                                                              MD5:D62DECA7193990633A08C1D933056305
                                                                                                                              SHA1:7C26826E7B2865EF445CF55AAC60EF928F2B2C7B
                                                                                                                              SHA-256:0BC3DDAF22B9EA86ADD5E8ACD5C03781D157C833B399D5E28DF638BC0901C6DC
                                                                                                                              SHA-512:E822C71FF538CAE0C9FCAFBFA1D8C0D7B0203E32BA2324930E3185B3B291C7B4AC0B3B873349DE7D3B8549BE9D0C17A3DEC4B0523D248621643B01E074B529D3
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\entitlements.mac.plist
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):280
                                                                                                                              Entropy (8bit):5.2580072930561395
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:TMVBd/Jdo+tJCc4EyfdUdBRqv9cH/MMSFAKFxQoMfHgMmf:TMHd4+tJVEdQsv9K/UFXFxQoMfHJw
                                                                                                                              MD5:8DA626EA332C2A4B51F3431F34B46822
                                                                                                                              SHA1:E61E40649F27E60D706A75E13B7E828C2CF9ADCA
                                                                                                                              SHA-256:677D0CA4C11DFB61F8F985970B86DA3B4D49131F1B781884C3D581BAD2B8D739
                                                                                                                              SHA-512:20EEA3303632BB2EE0C2C714912EC9262E8773E53E32330C0DA3815B927E8A9EF45FD3B5983FBAD6658267AA7C44B77F33631E84693913F674362FDA8A2C333C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: <?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">..<plist version="1.0">.. <dict>.. <key>com.apple.security.cs.allow-unsigned-executable-memory</key>.. <true/>.. </dict>..</plist>
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icon.icns
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:Mac OS X icon, 184627 bytes, "ic10" type
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):184627
                                                                                                                              Entropy (8bit):7.9907900238156175
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:3072:VHuHuHISSHRlGdOa0GdOa0GdOaXDxLDxLDxvvQZv3Q1BP/TZv3Q1BP/TZv3Q1BP/:JAAISSHGbbnDxLDxLDxiififip
                                                                                                                              MD5:32296A7742219ECDE650513163BF5654
                                                                                                                              SHA1:D34C1BCE746F9E64CA1FDB0099A4D40196AED262
                                                                                                                              SHA-256:A28F089FDE851E270F3D4D86DDD40F0257E167EA257B53B6FB254DB1969E7C56
                                                                                                                              SHA-512:85008C364FBBE3BB01E350AE56DDD9638057DB5316E00B4477BD2A5FC9D3BD00457AED6A2A45B78B538A8AFC25C6A903E0BE9FD2E27D8D6F7BC0B432402BA3C5
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icon.ico
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced, 32 bits/pixel, 128x128, 32 bits/pixel
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):108523
                                                                                                                              Entropy (8bit):3.410151881305014
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:ETUsnAr9kjEjMcg7DMeTom3xTi4e09EEghxmANyJZYhhX:ETUsnAr9kjEAc1LmBTi4DXwF0DiB
                                                                                                                              MD5:18CA3D77FFAD5911CC1202E6654B5C9F
                                                                                                                              SHA1:C68D9EEE86D3221EBC693E6A45C1CEB7201382DC
                                                                                                                              SHA-256:DC99686119B46CE9E44004FEC63D1E9602423E2332F8E112A2D0DA4951A5254B
                                                                                                                              SHA-512:75C654FB67010E25F8668AA5DFFC8231F71E28F99DF1717AC18BF02F8E946AEEC903497C4802A10ABE25841D0F5DD152763AA7FE235CDB94DD0023BB169D0F2A
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\1024x1024.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):67132
                                                                                                                              Entropy (8bit):7.903644285944599
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:fD0q1zSNk+hYhYPXpMUFbtcc8YN25AoaWfJi2x7ht4sBD2vMLD:fopNNhaYRzFbtw0y/x7P2v4D
                                                                                                                              MD5:A53D9A60E91E75B3BC584B9E36748EA0
                                                                                                                              SHA1:8FF1B782DD929A7926BA74F4A1F84967F1BD63A3
                                                                                                                              SHA-256:582C2E6C891AA7E8889846E35B32175E895D6A9997F69D8BB9597A9CB611FAF1
                                                                                                                              SHA-512:2513DC8693567D744D3F3BB244D9FEACB907A9C1B69CF057B5FB8D164D839E641AEFE9F4D6069CC5A7FF4B63D2BE2B5DEFC6E0F744C6088C5E7EFB6FF003A41B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\128x128.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):9051
                                                                                                                              Entropy (8bit):7.952123530234198
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:AKQ19LGaLiyYEKmhpCn9W0St+3uZyBk7pKeGWy2/QeWBykFqY:AKo9SEPbKmjm3j27pLj/QDBF4Y
                                                                                                                              MD5:9F7C325F2BCF0AB97BCCFE8E270E9535
                                                                                                                              SHA1:CFC22BA45B5C3ACDBDB9D41A92C32869ACC30FCC
                                                                                                                              SHA-256:4AE2358DFC23AE05B11F1668AC7D4236AF5CA8BEDD53C6DADA79E1E9685898C0
                                                                                                                              SHA-512:9AC155461E3A8EA615BA78329BAFC5A8B4F33643D5E90BBC75629BF8CDAF9FC0722863339CCD7FD7A8A201B6DCF0F0C03D8D2914CDDB90729328752966617CFB
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\16x16.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1336
                                                                                                                              Entropy (8bit):7.7099397599233965
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:myMOHA82V5TviibRSO3PNgPxheACTEu7zO4vNhW4fq8u7l:/3aoibRSO1ELCf7a4K8uZ
                                                                                                                              MD5:50C900A0E5FDE8D7416C4813C1756D94
                                                                                                                              SHA1:2F0E49170F6B7E25FDFD08859F7F58AAA3D33748
                                                                                                                              SHA-256:5E7BF54B876D50F97FAC513A057BEF10AD709806DAB1954C47422C2D84FC3A32
                                                                                                                              SHA-512:F64251FA30C433EBE9C9C45FC1B9695236700AB9AA52835790CBD9B066EF5FF17CF2635DE58B4BACD1F910BAEEE16E98007FAB859C73F6E12997E426754E2C60
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\24x24.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2011
                                                                                                                              Entropy (8bit):7.793087068937161
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:syMOHA82V5Tviip0+ALFv6HjyHQOUEln92c5BnGn6w9kcuccmOh9a+dbI8vJB6LH:F3aoip0vdGjCUEHnBc1Ohtb9vvtC8H21
                                                                                                                              MD5:0550B21CFA7E6FADD812DBE99086B299
                                                                                                                              SHA1:2F9D3BD2ED33A6999CB14323515D8F64B09AD6B5
                                                                                                                              SHA-256:2D8BE09DC550BD530559527BBD63A4D1DB7BE4FE827D0102D34F2D9963927EBA
                                                                                                                              SHA-512:98DB3003526D763301D47BB9DF89ADE742EFAB4C907CC0A67D33CC1E9972075400E14D58240E53F4573BDF7FCFA19960CA4A889EE5A3BEF012F3A50A35BF3E16
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\256x256.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16369
                                                                                                                              Entropy (8bit):7.948954465551638
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:955HP1V5Zv5RsXN7/M2yunsgQ1GpsN1bifzxUsaJFa8zo:rRTTR87U2ycO0lf2saJZE
                                                                                                                              MD5:6B39C04469EB9C186F44FD8BAA087918
                                                                                                                              SHA1:CE585A7FD0B274F1B9FE177944E7E52937DC686B
                                                                                                                              SHA-256:41DCC20A341B98517B655B7CE516FFEB32731150F0F59ADFBA0A007336661383
                                                                                                                              SHA-512:22FC0FAFF85028639837181841E2E7CA1B660D4DE230937EB85E03994A00400B6640BCC6C3A69CA5B47689CD47CBC683A04AD50567CAE2F62EA86A2A4AAE08CB
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\32x32.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2745
                                                                                                                              Entropy (8bit):7.848490954150541
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:2f3aoiHv6mGm9CaE6wWqh5clF20wzxKfcaUo/fDwEzeRxT:2f3UkqCtbh5clF20w9KEStzej
                                                                                                                              MD5:D6ECC5F6F7502B631DA826347B104AC3
                                                                                                                              SHA1:869B9081811C2F889E0A8677559C660EC7DBFCB8
                                                                                                                              SHA-256:F1AA8504BC07ADB473CD975B0F486BD2DD495F76E7F6DE99E0FC64F53F745879
                                                                                                                              SHA-512:87B42452E0E61753273F3B126194ADFFA5B33DD8694EC0D72FB62BEFB061A7274CC46523C1AFFEABEA99DC096EAB0EC17AA177AC0EF4B419D662686C19911E66
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\48x48.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4165
                                                                                                                              Entropy (8bit):7.910741534274044
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:w3JOEIodkefZ+q/FpG8Sn9EG3o/3GN0y9RAD9lGP4qKpTcMn9:8Xd1fZLNzoo/3GjynsgTv9
                                                                                                                              MD5:E0D219DAECAA7F3CF38BC00ECF13FAAE
                                                                                                                              SHA1:4A8392555AC96F232D6ED48DDC2495A6C5A7EE82
                                                                                                                              SHA-256:44669160C1F9D6BC00F4BA21EE8595AF0B938A65D0ACF088D7AAB5AF9CA8C3EF
                                                                                                                              SHA-512:6419F23804A07CBFAF7DCED61EE98071605A5B340A37AE3A01D8413F1A3575B21AD806F51CDD447D40E6E4DD8B2BE48B35E117A3AB641D1F3317890F8CBAF417
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\512x512.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):38345
                                                                                                                              Entropy (8bit):7.950628041653487
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:4xoJNIVKOHDhudCgajA/lmGIviV1cNMexxX+mKDidmqxyYg:4xUeV/HDhudLbIu1cNMeT+m6k1xyX
                                                                                                                              MD5:8969729BF9CB770B7F2E40BCDA158F8F
                                                                                                                              SHA1:3D26F61C9971EBEC66236F31908FC39C774D2CE0
                                                                                                                              SHA-256:E7AE0C8361781945008884DC6614C094234093990018627EB460A53BC5A6D1E7
                                                                                                                              SHA-512:4A0EDD3A2D6639C28475A182D06383CD3B45B0B239BF203122E9C07F7F7DD622D564E7BE491EADFDB165669249623FD5469AF2F700D3649DA24CACD41E53E80F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\icons\64x64.png
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5157
                                                                                                                              Entropy (8bit):7.923830669493973
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:X3iWY/nOEEG20wNRJ6N7ta5a2E0bO8lBcq1lacorAWiozE:ngPwNdNvU7E5a2483SpzE
                                                                                                                              MD5:6F25A419CED55298E82E6C1F71913661
                                                                                                                              SHA1:A63987488770186015E2ECA8562F506F10B81CDF
                                                                                                                              SHA-256:43CD43F43DDE3AD709A96BCA3C6AD9181F0D840EC03278C49B632413154B923B
                                                                                                                              SHA-512:A66EAB1FD71854A2636DD8A266E6475D63159E1EA8C06EAC7AE16ECCFBCDDB46B4BA3CC05E8D3AE22867D37E00815EFAB1242FCD63484C8DC3D84FAFB88B1C73
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\installer.nsh
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21
                                                                                                                              Entropy (8bit):3.8801799226757376
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ZLCAWh1KRln:1KjKRln
                                                                                                                              MD5:E6648711D67372EB7100647080971855
                                                                                                                              SHA1:30512B3DEEE2892A753936416ED7ADFA698ABA0B
                                                                                                                              SHA-256:4C276BD1FD781F0A521F9DC0F0293B2E9D7809FD6649DB2A692C9B76985342DC
                                                                                                                              SHA-512:9EFB4091D5AA3F54DFA9EDA6443537542598DEBF28386724B2E9FD52D3242A9EC4B577511BF6EC799EB06C1D563B7371EC1E9DA00F03E996354C8C2346203AAA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: ManifestDPIAware true
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\installerHeader.bmp
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PC bitmap, Windows 3.x format, 300 x 114 x 24
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):102656
                                                                                                                              Entropy (8bit):6.047069603634058
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:172aIq6pHc50fe5pJxAwxHIJkXoc4TLnB985wQWbBPlX+DgPseMRs:R2Hcb5pJxAYIJkXHgj85RWbbNPos
                                                                                                                              MD5:F6920811748215D46380059DF568318D
                                                                                                                              SHA1:9D20ED8BD1194F67920B37F5346B7ADCDEB5ACA5
                                                                                                                              SHA-256:61AE2D5306A567608910432E53A4CFF6B4E3F15F62CFF0302E11FBA6BED7F1A1
                                                                                                                              SHA-512:11CABB204E1D408D14A12E529BB035E2A66BCFB0B10CD7FD2A39A75EEA7F56D985CE850DC509DFBA4FF5A949B413291E4BCF2B43F0029658FE9CD4E918352BF6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\installerSidebar.bmp
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PC bitmap, Windows 3.x format, 328 x 628 x 24
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):618008
                                                                                                                              Entropy (8bit):5.819105184676242
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:rZf7lJQYlrnXRyqyYhqrX1C1xW3hbMXoCXsob:5dhCXdYoCXsG
                                                                                                                              MD5:89834971C4254FEA385C7B2F72105E28
                                                                                                                              SHA1:6EA0A607B05E2E7BC8349D65C1B946DFC3D3BE6F
                                                                                                                              SHA-256:4F56261424B3C684C319F959591607FE42E29DB47D3D408B9F8E70C3F5D333C2
                                                                                                                              SHA-512:A78A4F76391DDA350D7053524B7B5B8A71A79C80C79EBA7ECC9504376638B38F9176DB3F3CCDE28A88A7DCAB297A7BCA2DE2AEA5D9F50E911023AD86DE7265B5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\notarize.js
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):795
                                                                                                                              Entropy (8bit):4.817758863154197
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:qPYFQ48OBdnrzdGpRMuqQvn+Mc4cjKukXnnwclDMVKc6sKJnacqul/ic78rL2B5o:qgFScdnr8/FnvUkXnI5gNl6c78rL2B6
                                                                                                                              MD5:76B8DA11BEF97A8DCD84F2A295629DB6
                                                                                                                              SHA1:F4D206D875DBEC66665A381C12E1721B2B0F6CF1
                                                                                                                              SHA-256:ACB219FCE34574A0AA8C9B20543BB475624D08F2F5D5B1BE793271964C68E6FE
                                                                                                                              SHA-512:BE7D00FCB5A1B621BBCB5D562BB5C298D001C2B0F62F80A1834085FAEB248CF741675C0C20665AEC2CDBF9C2ABF985DCDD35CE404AA6FFBBD1393F2181AA49D2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: const { notarize } = require('electron-notarize');....exports.default = async function notarizing(context) {.. const { electronPlatformName, appOutDir } = context;.. if (electronPlatformName !== 'darwin') {.. return;.. }.... const appName = context.packager.appInfo.productFilename;.... if (process.env.APPLE_ID && process.env.APPLE_ID_PASS) {.. return await notarize({.. appBundleId: 'com.sidequestvr.app',.. appPath: `${appOutDir}/${appName}.app`,.. appleId: process.env.APPLE_ID,.. appleIdPassword: process.env.APPLE_ID_PASS,.. ascProvider: process.env.APPLE_ID_TEAM,.. });.. } else {.. console.warn('NOTICE: Did not notarize application due to missing environment variables.');.. }..};..
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\AdbWinApi.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):113568
                                                                                                                              Entropy (8bit):6.566874263414715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:owqdq+3pvspmLh8SCykrpTG7kfGHuNezq02XJqo+iFi1yCPgHQQ+8iAqvN:owqD3L8Tezq0et+ui1yJ/D+
                                                                                                                              MD5:B7417108AAEEC26C3A9AE5EE90185AF6
                                                                                                                              SHA1:447C6B314D740884424E271FED390C2CD08E39C8
                                                                                                                              SHA-256:F0755DBF9C54F0016D99CD2BE58F9C1B2D993539511B23934F7CB3CEE4333769
                                                                                                                              SHA-512:409DDAA9B62744BCDEA41321515E689A9FDFCBD28D4CC93B6A0633F712B622E2351B08928384940E32FB0D8D1EB264153AE30C9BCDB062FD85F28C8D21275E16
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\AdbWinUsbApi.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):78752
                                                                                                                              Entropy (8bit):6.567667023751328
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:S72doFmOiHizFbPlspcsbj5ZsP+YeTs1p4hQ+8iAD:SSSfN9+YeTs1pbDD
                                                                                                                              MD5:83E5A57FBC4A89C42B50025C048ABE54
                                                                                                                              SHA1:ABCF3A46CAA93EAE3D0C5C4CC44AAFE239A04E7C
                                                                                                                              SHA-256:13E8191CC51D0B450AF365C209F9957E28D0F9815A467A5C7BFA137C5D6CFC74
                                                                                                                              SHA-512:D27E967F208ECEE29A89E3C277F673B433A968B931AA3F099A140F97FF191AD9F686B41D49F5FE5DFDACDA5446641C23331E9205ABF75BDB392C2C5BD6815AA1
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\NOTICE.txt
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ISO-8859 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):362313
                                                                                                                              Entropy (8bit):4.85461473942343
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:h2jW3fIKq7qKLW/t+qN2pYRetrqRIrvU2jjpJl4sQS+qcqdjhMqjqLqQZjWgs:hh3fIKq7qKLWl+LpYROrqRWvU2jjpJlH
                                                                                                                              MD5:83DA50EDE6298A9B37EAF43AE79F99BC
                                                                                                                              SHA1:7A51F761C74C9B9ECE9DE4BE1DD4483170E97F67
                                                                                                                              SHA-256:A4DC8C23032FAB75F0D3ACA897E8A060C8EDCDB4D799EAE60A65166193C22155
                                                                                                                              SHA-512:B2186DAEA6F2C9F7D55745A9FABB024C3296F1D2F00C2DFE32691337E781D3C5899814AF540BD7A3599E0B0A4D284501D13C344493E72D6CFC09334F2BF0E220
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: Notices for files contained in the tools directory:.============================================================.Notices for file(s):./lib/libfec_rs.a./lib64/libfec_rs.a.------------------------------------------------------------... GNU LESSER GENERAL PUBLIC LICENSE... Version 2.1, February 1999.. Copyright . 1991, 1999 Free Software Foundation, Inc.. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.]..... Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users...
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\adb.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5208992
                                                                                                                              Entropy (8bit):6.723520085477772
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:gw4WrpLJZzJIauEJ21QU83/79wsa7qQ1KPBT88mPDt5Gc9aAgMn/GLuqCD7FFtIu:4IE2we9bGHDMRLy
                                                                                                                              MD5:A6922D1B0CE58266497BA9DB1A35C900
                                                                                                                              SHA1:F61F447DCA87B5E9072CFEEED1F3D31F68991A51
                                                                                                                              SHA-256:886924EC5FE4037303A3E1FF8888C7A4F1312B9DA53A53F14F1C74785225C27D
                                                                                                                              SHA-512:F13A90D3B46924E590E6FC9AE999CBDEAF01AD3CB8C0F7069C3945940E0311E4795CA5DA4C04C7D62FBA0FB251F0D26A90C4D869609D96AC61C03D39FBCD3DEA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\dmtracedump.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):264096
                                                                                                                              Entropy (8bit):6.577004764717794
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:Tnz6A+7vv3u4JizKUZmAbkAlPomhM+JN15rfuGpio6AO3:7zozfYK1AAAl1io6b3
                                                                                                                              MD5:DA3B5BAFA613DA0D1C26F4390C050D99
                                                                                                                              SHA1:C39B510390E6891FF48B5726A3E413C003B5F7F3
                                                                                                                              SHA-256:E7D389149FDE8C058692DDCE4288BC52413A9A9BCE815FB28B6AEE2389904C10
                                                                                                                              SHA-512:B2F06F73B3600D304BC9A8D3CED89DBBBF0A121498348A294EB3BDF39B0A2ADB299539790FDABBEA34D0F08775E76AEBD4ED439B60BD64321339E0FFAB17D65F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\etc1tool.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):442784
                                                                                                                              Entropy (8bit):6.726826624691355
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:kKyss8q5MJQu5x8702VR0XfH4yg6cTqpDDIM:Pyss8qCQu5SxVR0XgyZcTWDsM
                                                                                                                              MD5:CF5F77EE2644743A5457D3E31DBE3A16
                                                                                                                              SHA1:7A900B82DE60DBB3E1C55664834797C8D7795E52
                                                                                                                              SHA-256:0693921F7E18A8738933F80193A067D4B5B98CBBCE5EB1743235A0E16F160225
                                                                                                                              SHA-512:06DAAE0E9D93640EDF8F6DE49F7D939985EF148517EFB9D3755741EC926560E266AD7F30525DA845CB83AC5CEF1BDD2AE6953F403A078B95E4E550A11B44E895
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\fastboot.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1412000
                                                                                                                              Entropy (8bit):6.660034706054847
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:lNmknKkn+/ttZBCfolkJhs0QNyqm3t4fWgS4N+URW6Tih2Ct3HP/:lv+/tAtJZqm3t4RzTihTH
                                                                                                                              MD5:CA40C13F27AE67C4AC1F1727A4A2F6EC
                                                                                                                              SHA1:51731EAC98C21870408A7B7C35EBC432CEB7D8D2
                                                                                                                              SHA-256:66C7EB1E29941593934E12E65761FD7E7D1B306A991A609A14712387F019E984
                                                                                                                              SHA-512:D63E852C6CE2253815EFC7A0A5D8FBBE2D587568341AB4FAB5F9359E190DB0FA7FC38660DD27CD3ADC82895844038D4DADBF6141274151F55A31F75A4E93EE8F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\hprof-conv.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):59296
                                                                                                                              Entropy (8bit):6.761803177806214
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:ktqy66ZJhgHNrt1hZhEBedK4hccVOWz3emewf3lTSUDG6KgSebDGjFp9E+8iRO4d:kES3gHNh3wQgpWSmewdfGFQ+8iA4K8
                                                                                                                              MD5:0579D102B86A59F969EA7C3E08004DA1
                                                                                                                              SHA1:9D40E84231F0F4316D7F0A4EDB4AD09B19095022
                                                                                                                              SHA-256:146567CE2DADBA34C9C70A2633FEFF240A4270189DED6CB7AEA2FA62830CF719
                                                                                                                              SHA-512:CC9266C5A27C54FCBB9840803E11F60CBF16C0A6CA3300A8B5B399A2600BD4894621A927927AB228D5A1462DA59F84461C05057602F3E7EA97DC187727D8084E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\libwinpthread-1.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):247376
                                                                                                                              Entropy (8bit):5.927846526173433
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:9jwmb0Kdpbuim3YTU8Jr95Qu8YCrd4LoQ:9jwmBvuim3YTFt9PCrd4LoQ
                                                                                                                              MD5:5BFF399845348611D1EB52BC3A3ECA7E
                                                                                                                              SHA1:B4CD9986A8F1D796016716AF07364D2EBBEEB984
                                                                                                                              SHA-256:7108C5036D6ED59F62A43D4CC556554DCE7C78DFFE3179DC30909E84A5EEAB98
                                                                                                                              SHA-512:125E5B3D4CAD8A661FF2451D7DD9AE541B4B35BDF4C36978029DD8A1D5FF71056A5B69D6E35D30009CCF0B1AB99358AD60074C10E291859C62C5B352401DA541
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\make_f2fs.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):508832
                                                                                                                              Entropy (8bit):6.709767743408933
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:QHJ20yk/Fjzlis8R8sIifSlUh5VydwS/GaTTGIRO0:QHJ/FX4rR8KSl+5STG6O0
                                                                                                                              MD5:456388EAE77E4D87CC0D53302005F993
                                                                                                                              SHA1:9ECB9B6721AD7BE29BC4CFE31A6B3BF48F44805F
                                                                                                                              SHA-256:86F4C40AFF64C7B8F14F779727B4EF7E80A43B6784DC711B22F614E84BFE34A2
                                                                                                                              SHA-512:5D2750E1B791C2DA22E6A0C22CE33C76B201FFD477A0ED99D6213D9AF7541258D3AE7B89CF944C0F193613E3326B62583EF1BFBA5A4B74EFB9BE0E747B794EB7
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\mke2fs.conf
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1157
                                                                                                                              Entropy (8bit):4.2433656306527565
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:GmQZz2aG+oOnosJW9qoDBaDKj52la+5fjlQafHQaIJ:xbaGtOosJWvDB8Kj52la+5fjlQafHQaQ
                                                                                                                              MD5:699098CA95F87BA48BB94A3E848549B3
                                                                                                                              SHA1:50A060B26D000908D3C664600D61D3027FAE0FA9
                                                                                                                              SHA-256:AD58A58DCDD24D85055814CA9CAC67DB89D4E67C434E96774BDCE0D0A007D067
                                                                                                                              SHA-512:C46FE3CF5C09D81407D0A5C24CB9BCCBDF2D4D40F310B9EC8C4C4336D1F2356E6E9D1E33A2080F52BD6B6F77732EC155060D97558BD5B5B719BC389EB6D24DB4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: [defaults]. base_features = sparse_super,large_file,filetype,dir_index,ext_attr. default_mntopts = acl,user_xattr. enable_periodic_fsck = 0. blocksize = 4096. inode_size = 256. inode_ratio = 16384. reserved_ratio = 1.0..[fs_types]. ext3 = {. features = has_journal. }. ext4 = {. features = has_journal,extent,huge_file,dir_nlink,extra_isize,uninit_bg. inode_size = 256. }. ext4dev = {. features = has_journal,extent,huge_file,flex_bg,inline_data,64bit,dir_nlink,extra_isize. inode_size = 256. options = test_fs=1. }. small = {. blocksize = 1024. inode_size = 128. inode_ratio = 4096. }. floppy = {. blocksize = 1024. inode_size = 128. inode_ratio = 8192. }. big = {. inode_ratio = 32768. }. huge = {. inode_ratio = 65536. }. news = {. inode_ratio = 4096. }. largefile = {. inode_ratio = 1048576. blocksize = -
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\mke2fs.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):768416
                                                                                                                              Entropy (8bit):6.761412427340894
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:5745MclAx9CEID2+UMQZw1MdYJ9kUgVnSICH9l4mjBNR0VcVALaD1SRDJPa2sON9:wQP4gVnSICH9lD6cVAuDkRDhMONp2JTa
                                                                                                                              MD5:D9992E1AD0CF98BF746DB250ECC32982
                                                                                                                              SHA1:3BFC4F5B25119642715925516485C6F31B2CB08E
                                                                                                                              SHA-256:B05F7D13141BDFFA7B9C5F1B756ED8A1DDD1B608632849A296BB1E98BD8D83D6
                                                                                                                              SHA-512:47B9637A694402C4D523941C682670DEA7FF97724847EC44E396C8DA57349953926AE4408ACA035E573A996F782AC30E3C3F5E931E499F943114D5B32E7AC855
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\source.properties
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):38
                                                                                                                              Entropy (8bit):4.366091329119193
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:rNBKPS:i6
                                                                                                                              MD5:B52F2D5EE0313A147A8FDE51599BA4D3
                                                                                                                              SHA1:76399E19E2E6012CDA718F07F08B9839C6C1CF46
                                                                                                                              SHA-256:04DD9912F1106A50FCDE23AF3287BAE2BC76BA1A050DDA10F02FBA3086A8813C
                                                                                                                              SHA-512:25BB022049708CB254AA24BAFC27FD0CE63FC7F324C27A9C5CAB991B8B3132E470F1FEC6B5C99D77810DED735FA266107AF992D1407D2966DCC2FA0B992E1B23
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: Pkg.UserSrc=false.Pkg.Revision=30.0.4.
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\platform-tools\sqlite3.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1217440
                                                                                                                              Entropy (8bit):6.578688636172767
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:FTcpAu5RRHcP+UeCfiBsFJrNRK6wauJF2viipD/3IL4EJ/8BjFb:luxUe7TxyKiKhJkBjR
                                                                                                                              MD5:10F057F635D987DCEB0F5403EDBEB639
                                                                                                                              SHA1:45C5385582C6B10381F14B43C97F5EE5613238EC
                                                                                                                              SHA-256:10B530AE001765B1FBD216177CE96721B08C49CE1C9FB8454996F43D93A121CE
                                                                                                                              SHA-512:775246F7DA8B9F7A70AA8477F875335AB2C09E626B4790CC849F8E21F9D3C72638C07EB87D7F3926D35E5531E8CEDB43EDD93161085DA5CCD098E8E14FDA65BA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar.unpacked\build\uninstaller.nsh
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):333
                                                                                                                              Entropy (8bit):5.004954809170582
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:5ajgmITKHonOHt0TVzM0MtnUIyhDiU0d3nYtAhDi1YtQdrYQNv/EmQNv/BVo:5ypITSttU60phi3YtAh9turYSn
                                                                                                                              MD5:1B3AC2519171A3A2876C82CB3DA5871A
                                                                                                                              SHA1:8089CE60653B2F24AD04BA21DB6F314E58A0E7BD
                                                                                                                              SHA-256:0E0495AF5A6A7EFB71DF7D2FE20837D43E7013498640DB365E37767F0641D83F
                                                                                                                              SHA-512:C32F0B2E5BDFCFD8486791D3FECA353824A566FBA5CF46483C7C72576201E057C46C994A1DC36A0167BACD56A8CF49CC89BB4B6526E3956D3E3074C7603CFB0F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: !macro customUnInstall.. MessageBox MB_YESNO "Delete app data and folder?" \.. /SD IDNO IDNO Skipped IDYES Accepted.... Accepted:.. RMDir /r "$APPDATA\${APP_FILENAME}".. !ifdef APP_PRODUCT_FILENAME.. RMDir /r "$APPDATA\${APP_PRODUCT_FILENAME}".. !endif.. Goto done.. Skipped:.. Goto done.. done:..!macroend
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\resources\elevate.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):123296
                                                                                                                              Entropy (8bit):6.66451659344337
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:Q5bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl5SqDh:kPrwRhte1XsE1l51h
                                                                                                                              MD5:3954DFE3E7F6AD4613D1A622CC0C1512
                                                                                                                              SHA1:94943D42BB6DE07BE12BEAE09E37588820A4410A
                                                                                                                              SHA-256:E7C30CE9FB605C6ED2BFC4CAD5E594AFB83FE96F86A5D5E0FC75BA0FC0D6E517
                                                                                                                              SHA-512:036A1D9CFE7EAF729DFACA60C691467B94D33BA00C3A80181FE25C218CF5027B8FF68D46DEA9BE80314AB98E2D015A5C2D7B3597BA0D8D53492BF834C8001C6E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\snapshot_blob.bin
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):280424
                                                                                                                              Entropy (8bit):4.674581087048108
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:WPWW6iqew6tts7P0sfWRisD46gqYbFDUCb:Yv6Tr6tts7B0iCNgqs
                                                                                                                              MD5:17718F062BEECB48E77AE05D9274F07F
                                                                                                                              SHA1:6611A5B88A70773B84E9C8B02D9DD9813D5CA557
                                                                                                                              SHA-256:55B60747E8833B2A62C2C94F1A2BBB2E5386A379E0C78D46F9B63666DED32C59
                                                                                                                              SHA-512:D9C57C5093B3092E320F09E6D3718306B2E64C7E788C7416E7D2D97CD6CF0A2794235B2227A576518DFDAAACCBCDBB46040019B179905126AC0537BF54CE2760
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\swiftshader\libEGL.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):341504
                                                                                                                              Entropy (8bit):6.1852225121331035
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:+K2D69btDbN+DSNx/Ijuyb+s4y8JsAtrajfJAIfCtBswdDm:+c/+DFbFf8JfsdrAy
                                                                                                                              MD5:5DA9284FD8C7D9867140B3B068C3E741
                                                                                                                              SHA1:13751387779DE9487D25D1932C223A9A2942427E
                                                                                                                              SHA-256:CA700781604B24BAB2A4959B9A9E609835A634E20E076C3002CFA4F45E84221E
                                                                                                                              SHA-512:BE189D1D9CA58F967F7D419262549D6D792D16ECF028810D270E2743F319D43B2C8E9A36C82B2AF285863FA1DA36951CA02B3A47763E6A0C4C21843959538F69
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\swiftshader\libGLESv2.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3841536
                                                                                                                              Entropy (8bit):6.238063506165049
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:42f+5k/DO3kxF2tDqVJlNEcmJYL2ig2t+Jm3xPS2BA7/YwFidZ0HYukr7W9J6n9P:bx/ekmnQ2Mt2+S2BA7/YwRtgUiT
                                                                                                                              MD5:242E255D68DA3244E0DFA409FC67E7E2
                                                                                                                              SHA1:54CA7837D9BB77DFD05F595240B3DB04041ACB68
                                                                                                                              SHA-256:56DCE7B7C441CEDCA33262A13A2E5F65FED30A2EE9E6A2888F18D56B96F3C5DF
                                                                                                                              SHA-512:A73EE2A3FCE944F92F1AE238A062A7A5A1CC770B9E0DFC4A42E9E74AFE1452B7367042A5CC5F261EB341FFA2736F4116158E3DBB0293D1DF3A78EC65BB6A37E8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Programs\SideQuest\v8_context_snapshot.bin
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):701096
                                                                                                                              Entropy (8bit):4.977093429113154
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:HKD0vNuoqa+sNmrtM2EWAVBeKoGd9Wdv0HNdI9wALRLHi:HSaMmeK5dvIqAdzi
                                                                                                                              MD5:791E836529DC39D99117742C225A537D
                                                                                                                              SHA1:8D035C2446758EC65C41E48D3671004527A55772
                                                                                                                              SHA-256:6BAADC6ADCD5E51D549A4D2F07B619D2A5B97F99A372F33EFD3C84D2A369C747
                                                                                                                              SHA-512:AFCA91BAD91C359AF1FEBC86E5E0CF16B0B2549CCDB6AE1D733F9D66E0D1DAA4A3B96273D7888835DFE820722CA8D7E38B1085011DD7D6851A3198CDC18BBAC2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\adb.log
                                                                                                                              Process:C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):809
                                                                                                                              Entropy (8bit):5.175106616344864
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:XCtHUfCpFtHRtHcwHHo6NtHYwityBt05KIRhNATUstIRh9t6ov0bmIRhsAjfP:SlUqDlRlcONlQGOFATFuFI50ALP
                                                                                                                              MD5:793D2E828BF73E4B3E5EFB44012D21FF
                                                                                                                              SHA1:AC2A4C2B444ABC18A46D555AE825314A3A5279B8
                                                                                                                              SHA-256:01BC3745C37DA7C0F8420EECA93C7228C001AF94DE4E0DC6D4E5627E1E57CD23
                                                                                                                              SHA-512:7C625D160FB4C72B337893080985986590816C50482AE9E2FC6D7FE788C0571F4756B9746535AA10CC5A0A7BF8C6972BF8F608225574CB99018EEC47EB0751DC
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: --- adb starting (pid 4168) ---..adb I 01-07 03:44:02 4168 1036 main.cpp:62] Android Debug Bridge version 1.0.41..adb I 01-07 03:44:02 4168 1036 main.cpp:62] Version 30.0.4-6686687..adb I 01-07 03:44:02 4168 1036 main.cpp:62] Installed as C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe..adb I 01-07 03:44:02 4168 1036 main.cpp:62] ..adb I 01-07 03:44:02 4168 1036 auth.cpp:417] adb_auth_init.....adb I 01-07 03:44:02 4168 1036 auth.cpp:220] User key 'C:\Users\user\.android\adbkey' does not exist.....adb I 01-07 03:44:02 4168 1036 auth.cpp:64] generate_key(C:\Users\user\.android\adbkey).....adb I 01-07 03:44:02 4168 1036 auth.cpp:152] loaded new key from 'C:\Users\user\.android\adbkey' with fingerprint 13762FFF335928B4991427050DFCC51951404E7A2AD69F60C608C112408C065F..
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\StdUtils.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):102400
                                                                                                                              Entropy (8bit):6.729923587623207
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                              MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                              SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                              SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                              SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12288
                                                                                                                              Entropy (8bit):5.719859767584478
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                              MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                              SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                              SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                              SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\UAC.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14848
                                                                                                                              Entropy (8bit):5.715583967305762
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
                                                                                                                              MD5:ADB29E6B186DAA765DC750128649B63D
                                                                                                                              SHA1:160CBDC4CB0AC2C142D361DF138C537AA7E708C9
                                                                                                                              SHA-256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
                                                                                                                              SHA-512:B28ADCCCF0C33660FECD6F95F28F11F793DC9988582187617B4C113FB4E6FDAD4CF7694CD8C0300A477E63536456894D119741A940DDA09B7DF3FF0087A7EADA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\WinShell.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3072
                                                                                                                              Entropy (8bit):3.3907428713435226
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:eFGSizG71F+wwBhckFZEdnNLYFI6StBy1FMG/N9+ChRXZ76l/bkJZksWVtfa:iiGv+wwBh/+l42pcp7+jkJ2vTfa
                                                                                                                              MD5:1CC7C37B7E0C8CD8BF04B6CC283E1E56
                                                                                                                              SHA1:0B9519763BE6625BD5ABCE175DCC59C96D100D4C
                                                                                                                              SHA-256:9BE85B986EA66A6997DDE658ABE82B3147ED2A1A3DCB784BB5176F41D22815A6
                                                                                                                              SHA-512:7ACF7F8E68AA6066B59CA9F2AE2E67997E6B347BC08EB788D2A119B3295C844B5B9606757168E8D2FBD61C2CDA367BF80E9E48C9A52C28D5A7A00464BFD2048F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\app-64.7z
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:7-zip archive data, version 0.4
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):59478281
                                                                                                                              Entropy (8bit):7.9998689143903015
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1572864:t9PaiPgxALPRr4gKUpvYG/HBJURWuLU4d9+Bnr:XO04gP51HvUfknr
                                                                                                                              MD5:53659593E9C4BD837949EC08760E4679
                                                                                                                              SHA1:40A557B861F6D39245BBFE2AE637B21DAD7A46EA
                                                                                                                              SHA-256:0720EB29FF1D34E3D003D9B57AF19195BE10708D37BCFCEA34BC289717E9DE1F
                                                                                                                              SHA-512:8604A52AE6A38636563C34B60244B16EED8F1C052272654AE9926C036EEC895526468F78420A50E9AB584D9ECDC8B64C01BDB92FF8185E0D1CB6FA886A82419E
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\modern-header.bmp
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PC bitmap, Windows 3.x format, 300 x 114 x 24
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):102656
                                                                                                                              Entropy (8bit):6.047069603634058
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:172aIq6pHc50fe5pJxAwxHIJkXoc4TLnB985wQWbBPlX+DgPseMRs:R2Hcb5pJxAYIJkXHgj85RWbbNPos
                                                                                                                              MD5:F6920811748215D46380059DF568318D
                                                                                                                              SHA1:9D20ED8BD1194F67920B37F5346B7ADCDEB5ACA5
                                                                                                                              SHA-256:61AE2D5306A567608910432E53A4CFF6B4E3F15F62CFF0302E11FBA6BED7F1A1
                                                                                                                              SHA-512:11CABB204E1D408D14A12E529BB035E2A66BCFB0B10CD7FD2A39A75EEA7F56D985CE850DC509DFBA4FF5A949B413291E4BCF2B43F0029658FE9CD4E918352BF6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\modern-wizard.bmp
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PC bitmap, Windows 3.x format, 328 x 628 x 24
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):618008
                                                                                                                              Entropy (8bit):5.819105184676242
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:rZf7lJQYlrnXRyqyYhqrX1C1xW3hbMXoCXsob:5dhCXdYoCXsG
                                                                                                                              MD5:89834971C4254FEA385C7B2F72105E28
                                                                                                                              SHA1:6EA0A607B05E2E7BC8349D65C1B946DFC3D3BE6F
                                                                                                                              SHA-256:4F56261424B3C684C319F959591607FE42E29DB47D3D408B9F8E70C3F5D333C2
                                                                                                                              SHA-512:A78A4F76391DDA350D7053524B7B5B8A71A79C80C79EBA7ECC9504376638B38F9176DB3F3CCDE28A88A7DCAB297A7BCA2DE2AEA5D9F50E911023AD86DE7265B5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\nsDialogs.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):9728
                                                                                                                              Entropy (8bit):5.1559889224761974
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
                                                                                                                              MD5:466179E1C8EE8A1FF5E4427DBB6C4A01
                                                                                                                              SHA1:EB607467009074278E4BD50C7EAB400E95AE48F7
                                                                                                                              SHA-256:1E40211AF65923C2F4FD02CE021458A7745D28E2F383835E3015E96575632172
                                                                                                                              SHA-512:7508A29C722D45297BFB090C8EB49BD1560EF7D4B35413F16A8AED62D3B1030A93D001A09DE98C2B9FEA9ACF062DC99A7278786F4ECE222E7436B261D14CA817
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\nsProcess.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4608
                                                                                                                              Entropy (8bit):4.703695912299512
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
                                                                                                                              MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
                                                                                                                              SHA1:B058E3FCFB7B550041DA16BF10D8837024C38BF6
                                                                                                                              SHA-256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
                                                                                                                              SHA-512:F91FCEA19CBDDF8086AFFCB63FE599DC2B36351FC81AC144F58A80A524043DDEAA3943F36C86EBAE45DD82E8FAF622EA7B7C9B776E74C54B93DF2963CFE66CC7
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\nsis7z.dll
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):434176
                                                                                                                              Entropy (8bit):6.584811966667578
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                              MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                              SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                              SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                              SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\sidequest-updater\installer.exe
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60406464
                                                                                                                              Entropy (8bit):7.999626738995975
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:1572864:fs9PaiPgxALPRr4gKUpvYG/HBJURWuLU4d9+BnK:f8O04gP51HvUfknK
                                                                                                                              MD5:7D2DF347C736EF512461B7F8764FAE3E
                                                                                                                              SHA1:DE6353F26BB4158CE96D716BE8D4B1AAFBAC7311
                                                                                                                              SHA-256:9B787162EDB7C1AA52CAD220F9EF6C4AE200DD10AD83D5612E81595E2B5E5DD8
                                                                                                                              SHA-512:FBCBEA56B262858459F0CEA1AE86AF40327070FBE731C3FB7E2DC1B4D94D720468883DCD4593A4CDE4A98C78FBC18C231210075ECAB52B0DF8FE1F1D9245ECA3
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Local\sidequest-updater\installer.exe:Zone.Identifier
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26
                                                                                                                              Entropy (8bit):3.95006375643621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: [ZoneTransfer]....ZoneId=0
                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SideQuest.lnk
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Jan 7 10:40:59 2021, mtime=Thu Jan 7 10:41:03 2021, atime=Thu Oct 29 19:21:38 2020, length=104846752, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4945
                                                                                                                              Entropy (8bit):3.856405263206123
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:E5236320D201F6D77EF5C828161A4095
                                                                                                                              SHA1:ADEB4FA10D5A65FE8EC5311B720183EB3CE0022A
                                                                                                                              SHA-256:974A6C13D9840A8B6B0DEDBA32C9DC86443B404B65279C0456AC3334ECCA1765
                                                                                                                              SHA-512:B3ADABD68F1347971C190985FB544AC8B09B633B6AE4DFF2594C55D0F8B02583C36CF0DE5EDD5807E7ABB15EAA5C145CD5AED15D8607FC7FEF7D51297C5FA387
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: L..................F.@.. ...x.......Z.a.........1.....?.....................,.:..DG..Yr?.D..U..k0.&...&...........-..zK..:..............t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny.'R.\.....Y....................f.(.A.p.p.D.a.t.a...B.P.1.....'R"]..Local.<.......Ny.'R"].....Y.....................$..L.o.c.a.l.....Z.1.....'R.]..Programs..B......'R.]'R.]....zk.....................2g.P.r.o.g.r.a.m.s.....\.1.....'R ]..SIDEQU~1..D......'R.]'R ].....s.....................f..S.i.d.e.Q.u.e.s.t.....h.2...?.]Q.. .SIDEQU~1.EXE..L......'R ]'R"].............................S.i.d.e.Q.u.e.s.t...e.x.e.......l...............-.......k............h.[.....C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe..t.A. .o.p.e.n. .a.p.p. .s.t.o.r.e. .f.o.r. .m.o.b.i.l.e. .a.n.d.r.o.i.d. .b.a.s.e.d. .V.R. .d.e.v.i.c.e.s. .s.u.c.h. .a.s. .t.h.e. .L.e.v.o.v.o. .M.i.r.a.g.e.,. .O.c.u.l.u.s. .G.o.,. .O.c.u.l.u.s. .Q.u.e.s.t.,. .V.i.v.e. .F.o.c.u.s...5.....\.....\.....\.....
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\.updaterId
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):36
                                                                                                                              Entropy (8bit):3.7289721408610004
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:3DCE3D0F8ACC6B7180003AAA3A285EC2
                                                                                                                              SHA1:62944B7175F3DE1B138B5E98FA7B6B2AAEC3C9DA
                                                                                                                              SHA-256:BD5B0ABA091A23C22B4316A7D3A3D0827CE06CD4FCFB30C6E15CFA3BBD4B7BB0
                                                                                                                              SHA-512:8082C5E7EF427291F253F85009584BAF27CE468CC97B082E3304685ECCD15A7C573261D68C2A079F06CED4E284B2BEB1BEECD97080859647B546D0B4E75B7F47
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 81b4ae74-438b-5410-b2c7-59e3e74d9bd8
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\3f6b04bb-e384-4cf8-afb5-bb5316b7f714.tmp
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):213
                                                                                                                              Entropy (8bit):5.233363442246306
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:052FB15A3BC19D4958F8F4FAF88AA01A
                                                                                                                              SHA1:C2646B1B38FAC23576FD62BBAB75EAA1E2BF8622
                                                                                                                              SHA-256:80B24AC039C48C5145AC047732B073180F03CF2278217464DABA7BDC62F4D7EF
                                                                                                                              SHA-512:69C473D03D8F64C7229D5394FA3B997EEEDB8BA401E44BA4B281BB24D06FEC08F51E6CCA419801F9E551DA557DE5395B959004B32C59C20BBE039522A788DEE0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: {.. "nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=": {.. "expiry": 1641555798.787294,.. "mode": "force-https",.. "sts_include_subdomains": false,.. "sts_observed": 1610019798.787296.. }..}..
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\480692b3-14f1-482d-a9f7-fe546483eb9c.tmp
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1658
                                                                                                                              Entropy (8bit):5.349758294000309
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:35919D1430DF26E2F6F85663A50567FB
                                                                                                                              SHA1:401B07BA898462AC2F636848EA7D3DFD01F2B224
                                                                                                                              SHA-256:88549286DFD1A78828ED88FD2BFAC1269336D7B8EA428D69E7261F28363B18F6
                                                                                                                              SHA-512:DC25FC12A10C1F99F3DB7BAFD0AF2A5047B9DFA2BCAC1CB86D59D890A06B4A322A7494BC4812AA2A4552235B4177DB66094A0F712982D4376B47888840FE0C34
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: {.. "0oFmTXCSNYAd9MO5I1CTIOeB2pfYsTCq1thfr+zV3n8=": {.. "expiry": 1641555900.891336,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_observed": 1610019900.89134.. },.. "E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=": {.. "expiry": 1625799838.348279,.. "mode": "force-https",.. "sts_include_subdomains": false,.. "sts_observed": 1610019838.348282.. },.. "M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=": {.. "expiry": 1641555838.473773,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_observed": 1610019838.473776.. },.. "c/W+ZspMpyGX8rz3nm34bsWrW9lyFRLOpVLFvhmlb6Y=": {.. "expiry": 1641555901.98364,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_observed": 1610019901.983644.. },.. "fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=": {.. "expiry": 1620906240.766926,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\577fb1c9-1b8a-4b4e-86ff-356c4cfb30dd.tmp
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1024
                                                                                                                              Entropy (8bit):4.641196847429404
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:10FFCBB7EC81CC495CBE0A32DB3519EE
                                                                                                                              SHA1:923F7C2E385B73681AD6CFAE9E9B01E5ABCB78B9
                                                                                                                              SHA-256:51448C8F8886E4E5B99F82D654DE4A9143658CB62F93217624811D6487EB1589
                                                                                                                              SHA-512:A6F2868AF5515D615992AC2ACE2BA5A4C80144873421E84A03D9AC1D810D9574A765FFF1D9EFE31A3A7BFAAF259A5BFDE75A1F6EE835983E8BB461C3C3DC65F5
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://fonts.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://cdnjs.cloudflare.com","supports_spdy":true},{"isolation":[],"server":"https://cdn.jsdelivr.net","supports_spdy":true},{"isolation":[],"server":"https://www.googletagmanager.com","supports_spdy":true},{"isolation":[],"server":"https://sidequestvr.com","supports_spdy":true},{"isolation":[],"server":"https://js.stripe.com","supports_spdy":true},{"isolation":[],"server":"https://www.google-analytics.com","supports_spdy":true},{"isolation":[],"server":"https://pserve.sidequestvr.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://api.sidequestvr.com","supports_spdy":true},{"isolation":[],"server":"https://m.stripe.network","supports_spdy":true},{"isolation":[],"server":"https://m.stripe.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESA
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\9fc8a8e6-ec08-44d2-b6c9-28dd7397b14d.tmp
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1658
                                                                                                                              Entropy (8bit):5.353650076915289
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:1671F140FEDAF81D5EF8963373486603
                                                                                                                              SHA1:8A98101C71611B070E3C7B0E7306AB4259CAAE9E
                                                                                                                              SHA-256:E36E7B77AD861224AE70654FD2C46C17A1E7548318154304BFC62289874FE13A
                                                                                                                              SHA-512:72B390A3B87F69B91BAE363B1D8689CEDE594014C627F222D7947C251E0144BD9CEA56E7C37ADB832BAD4BE087FEBBE8CAA50931E4EEA0A8E3A173C8B69DC330
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: {.. "0oFmTXCSNYAd9MO5I1CTIOeB2pfYsTCq1thfr+zV3n8=": {.. "expiry": 1641555900.891336,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_observed": 1610019900.89134.. },.. "E10e7Gwg5+phsYD4E8qNYFsQySXnIHPAfo4zloUPESc=": {.. "expiry": 1625799838.348279,.. "mode": "force-https",.. "sts_include_subdomains": false,.. "sts_observed": 1610019838.348282.. },.. "M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=": {.. "expiry": 1641555838.473773,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_observed": 1610019838.473776.. },.. "c/W+ZspMpyGX8rz3nm34bsWrW9lyFRLOpVLFvhmlb6Y=": {.. "expiry": 1641555901.98364,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_observed": 1610019901.983644.. },.. "fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=": {.. "expiry": 1620906240.766926,.. "mode": "force-https",.. "sts_include_subdomains": true,.. "sts_
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\data_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):93080
                                                                                                                              Entropy (8bit):4.8301714705243946
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:3260753AD9F4E6766A41EF37FFAE8AA1
                                                                                                                              SHA1:783C2A972C43E6C4E25A516522FEC95D1FAD08D4
                                                                                                                              SHA-256:C26CC66CA36E0767ADAF965B5B2E30300B5B14AC390C13A0958CB48CDB6C264D
                                                                                                                              SHA-512:E413C2EBDDC19731C0BDA5F0FC633BAAD040DECF994FF82863692ACB01A50DDD184CB0A21E80BB2587238E99FAE5DE9166F51DEA6A3C2D6B8031A0310AF88032
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\data_1
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):106692
                                                                                                                              Entropy (8bit):3.9998870390370813
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:33106B88B1C26993DF9EA5DA2719048A
                                                                                                                              SHA1:A61BCDA1F4DF657C8B06C32C9D843E5AB20D1F28
                                                                                                                              SHA-256:72F8558E60D97496CEE2238F00E0D967ED91D949C43E9441227A72AD2B2343FE
                                                                                                                              SHA-512:EC1A81502F837FE9A69D46D6016D4705207FCE5AFC593A702B750B9B86AF90BF8008471BCC0BFE1CCAC30230448E13A17984495003C0E795CF64108B97C24B91
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\data_2
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):314851
                                                                                                                              Entropy (8bit):7.206244767046083
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:2E8B626AEC8B0C87FDFE85FD01CBBD88
                                                                                                                              SHA1:038270A13FFDC0E71072C2CF292FE3E1A9F5F4ED
                                                                                                                              SHA-256:2F6306EB146A3A10ACC48D4F29BF7F7DA092F1836C1BC318B331EA49AC39C311
                                                                                                                              SHA-512:DAAAB40A2E002F5D7D0F3BFFCA2AFC956DBD17F0CFFC0CFEDE297F5D0B5764A27B4170CDCD852481A1FC71ACF9CE9605E37C3A156AC221BB0CA78A63660A2BDE
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\data_3
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):202460
                                                                                                                              Entropy (8bit):7.589689769226653
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:D683C001D04F2027FD757E22AD871CFB
                                                                                                                              SHA1:5AE59BB51E921B63DFCC59DA7E03AC8D44AD156B
                                                                                                                              SHA-256:183C38363AC0A3E2F04C4A98B11CBF5E19BE16E20251601FFAD9DE00766F14DB
                                                                                                                              SHA-512:5B6DD35B8120171D13AD92704DDFCFC6A89FFF43A8E744B1887922A7AFAB33B6FFD3C94E4C29CD478CF8879AEA59D1C2602C390D490180F5C7F322BEB452CCCB
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000001
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 98996, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):98996
                                                                                                                              Entropy (8bit):7.998238212784473
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:7A0DB084238A8273C4AC5418DFDA1765
                                                                                                                              SHA1:8B9E5815C3BDE17F9891C1C898C945C46C25B448
                                                                                                                              SHA-256:7AD86C4F2DCC7C2EE5BF7FE5B3E29DC57368C7B2224E1674C90E6A095EA1EB19
                                                                                                                              SHA-512:242A5E984F23606BF06B60120AED3B863190E8FF682AF12EA695460FA38AA2771495D56F6C35C037D060F4FB2959204BBCF8AA3512F2D25E97335BD35D6FE4E2
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000002
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):27198
                                                                                                                              Entropy (8bit):7.993266787837814
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:E6C53A95DDA05CE8C9D842E5AF8C34CF
                                                                                                                              SHA1:CE2B3F0D8E32F95A97AFF66F8803AE7325ED36D1
                                                                                                                              SHA-256:177EBA24B78161B230B5C51DD8AE40369EA5F18D98A7906BDBA6319FB9885636
                                                                                                                              SHA-512:C9FBF82FBAE5B528E242A115EC76BBE0960E5A62150A11DBEEF7E891B1B99659276072BB473183F74A55B09419054A6A29C8F374902908C89BC2291080BF2783
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000003
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22040
                                                                                                                              Entropy (8bit):7.990742014110358
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:EEBFD490CC6CA7C64CA072A540AF5100
                                                                                                                              SHA1:3B8E5588E5087495AF6FB1E4F81C05BB442383E6
                                                                                                                              SHA-256:421D7196FDB10B319DB095B13AD64DAA9EF676C3C76A1EC6A141DBF092CF2584
                                                                                                                              SHA-512:69D34F443C883EAF79A788D56930A231A93E2CCF3047C113625B4F559A2BBCDFD808FD2B043EB6363EE788BF8ECD8C6C3B1BB4FF88F53B7209BDC358C1A03930
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000004
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):77248
                                                                                                                              Entropy (8bit):7.996879982453357
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:655D6492EB55A27A7C4AA0C75F7C2FD1
                                                                                                                              SHA1:CC194BACC7D269385F91264D9C7E5E9E2E859208
                                                                                                                              SHA-256:F673B8F5306CB8A3CB14F2A4CB8FD02F80CBF054CD4021A37758390763167F17
                                                                                                                              SHA-512:4AF422B137582A6DEC6013B046EB281DD5FD33FB7C52109466D24097C48635DDAE232727BAA10E3DEC8824B176FD6D7D78AF394930A929FD223AE293ED58712E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000005
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):38966
                                                                                                                              Entropy (8bit):7.992062383554133
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:D3C9725847F0DB4250A879302C4D3D91
                                                                                                                              SHA1:7C8C80CA87C71204C43978591413B40D938F70DC
                                                                                                                              SHA-256:597768BCB8C720AFCAB1B744D0171742CB586DC2D8EBF4452A950FF4DB06172A
                                                                                                                              SHA-512:16AC9D5EEAC5EF26361AA312DF996674F42EFCCEB1C3BB547D205E97E992C87E33DD077081C5A445F0CC8755F63CDE07324D5AD3E078A6A72F2B99E373959441
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000006
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):514739
                                                                                                                              Entropy (8bit):7.999408360272209
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:973E7486B2EE094D6340BBF82B2DDA3E
                                                                                                                              SHA1:30919D8F30788CA3B0825622C878B6123814B998
                                                                                                                              SHA-256:4C27C4D45BFBE04901AAC35454E89F267C6E155552EB9F2A03DA12DF4E9028D6
                                                                                                                              SHA-512:FFEDB4BFD23E6A003B1540C708E61C27C750CAE049CAB85B8173BFCF54BEDB0384E44364B27933EBA19B0429ABFB4ED583305F23A4B1C8E4C19E2041008E5F1E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000007
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:gzip compressed data, from Unix
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):50840
                                                                                                                              Entropy (8bit):7.99573625757384
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:34FBF08677B7AF71BBC5F951392934C8
                                                                                                                              SHA1:F2E36E9E3D7247E6597695812BBB2A0E0A69C414
                                                                                                                              SHA-256:B47591CCD9BC848944BF91E0303DE2A68DAC9ACABEF4E52088E9A94C247269AF
                                                                                                                              SHA-512:FD0D20CB24C1B6C88571EA7484970960147527DB91CDE150BB9DF6B16DB254697B8A6647C5A94500F9B76882D6B2F24453187EE817E06FFAC2722AB354B0DE87
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000008
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30419
                                                                                                                              Entropy (8bit):7.992054677200716
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:FF3751981F778E0828C31373348D13A3
                                                                                                                              SHA1:E6445446D031438B6C0C11A781C22A487C85C4F0
                                                                                                                              SHA-256:CD61CBC8DDAF8A7BBB083183F7F7E68FDCEBB8D03309F31E7FB4FFC38A6F46B7
                                                                                                                              SHA-512:3517F719ABB08370A0B28C4C6D383A00060D619AFD5A4DD55305F81111D80FC73ED0E94CE058E34D4DB8BCA9EA656F1A88B1AF5E180788B9E8C7377E5A2325BA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000009
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30436
                                                                                                                              Entropy (8bit):7.9933250990045615
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:EA759EAB8943FDB288F40B8F605E4CE2
                                                                                                                              SHA1:C3539AD632156E1C722D4954893941B5DDE90308
                                                                                                                              SHA-256:5F3C0AA3F927ABE97FD66084E948E8BFC185DFBCE6103C0A91B499AC5A0EB06B
                                                                                                                              SHA-512:9C295DA111BABFB3C9277FE9694E4D3D23139C1C88D0CE509AC7B660E7E5A934D9605AD7B223CC71D3DED58E4536DB090B12DDD145F02EE6082D48341DA46174
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00000a
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 64832, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64832
                                                                                                                              Entropy (8bit):7.996573469517809
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5136CBE62A63604402F2FEDB97F246F8
                                                                                                                              SHA1:C193DEAA915E7183828400922700567900FB6CC3
                                                                                                                              SHA-256:02A7CD67C545041654AF047F04CE327F2DF086386EAB421ADC16269010C50365
                                                                                                                              SHA-512:0C2E0F6F5D6938CCBDCDD56F8DAE7A3E6B845D63D3C6152C69331779DEA87313D100380A6AE2C4A672B5BB53569C82F663D11B9C6D650E05736B8F883B97DA06
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00000b
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:MPEG ADTS, layer III, v1, 320 kbps, 48 kHz, Monaural
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20160
                                                                                                                              Entropy (8bit):7.598353859937658
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:8A4943BC28145FF5D5875DFDE9147C8A
                                                                                                                              SHA1:208730AA3D6A3F609CE192FBB7A3D09B5A7B370B
                                                                                                                              SHA-256:3A7DD0E08F8044CF8B3A06294033093AD1DC1062DFE86DF83978774F6CF8AD8B
                                                                                                                              SHA-512:C3753BCA6EE752DA505EF3DCB24A7257B4A455FE91022A583A6370429BA4BA791283240A044FC5ABCF17F99A428D9FB7576F54E68F1BA3FD2E5EABC041913964
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00000c
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Audio file with ID3 version 2.3.0, contains:MPEG ADTS, layer III, v1, 320 kbps, 48 kHz, JntStereo
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):53312
                                                                                                                              Entropy (8bit):7.860892198473868
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:56342756EDCDBBBAD69ECB6B1D993F59
                                                                                                                              SHA1:F36D9822053FF7919CF653DC7045C4F5A50AF51E
                                                                                                                              SHA-256:671087453F8D41D3AFB306D8784F5AA2BBE39F585BE42600078F17C211C89A6E
                                                                                                                              SHA-512:D13CDC698E7FDCA6D1EB5D44746C0AD5A87F7C39C2EF7E587E701394B45B083FDE33D82E5D7DF72364D703F7CB8C16CA0D16A626093C8EA36FAC13466BF5240D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00000d
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Audio file with ID3 version 2.3.0, contains:MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, JntStereo
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32483
                                                                                                                              Entropy (8bit):7.91766625155663
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:34B85E74094912112B68C634BBB1E38B
                                                                                                                              SHA1:A14A07A8F825445FBCB6530C215662CE07BAA9DC
                                                                                                                              SHA-256:D54E9B1FB92B41475BEC02BA1E9CF4AAFED0007592D74993D6C08CFBDDCF0F66
                                                                                                                              SHA-512:C6D8361A2DD3CAE52ADEE9D0BFAC12617EEDD3FD13E10DB217F4478479C3EE055C65A8F5FC0B2A074281D1DA68FB197990A5D2F56E30EBAF6567816FE83CBEB9
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00000e
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 65412, version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65412
                                                                                                                              Entropy (8bit):7.996540581745672
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:1561B424AAEF2F704BBD89155B3CE514
                                                                                                                              SHA1:7C512E2EBDDD4DBD08D0F7BFB5B772501F707078
                                                                                                                              SHA-256:C013C361FCB111A48C09D8B748A866E5871E992754FA4E927F2C92F4E5D2A850
                                                                                                                              SHA-512:C2904300C1C1B12F143CB300E84FBD7C825BDBF3B92D3355EFC02FD752AA05CC9A2D1EC714A31FE3EB876A3DDE463E0395D3E6831E04AB72A493B262F6B5ED85
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00000f
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):116998
                                                                                                                              Entropy (8bit):7.8741368388571775
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:1C06EC0700E81CB5D42F0246F695790D
                                                                                                                              SHA1:DDB751902F241B317157DB218FC5D8AB1F0C2720
                                                                                                                              SHA-256:480C9DDFF13416C7C28E91D91EBA4223AE3E482BE79E26B6969092096CAE5818
                                                                                                                              SHA-512:AB62054750EAC23CA3CF1CE3732807F749A3253EB946A6B0193CEE119519CDEDAE14F6D637AA7DADF39C85940C1840D47A4BE64DAB1D9B3D9FD1E8C27965733C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000010
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:gzip compressed data, max compression
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18817
                                                                                                                              Entropy (8bit):7.990229365992544
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:05750766C30277D5B94E4999E4C8C953
                                                                                                                              SHA1:EE58DA74C439EB624757F70E19437B9F374AAFF4
                                                                                                                              SHA-256:74DB9D11AF922C9C721F47BCD18E94F7D0331CD4AC6D9DC4E1C545F2C5593916
                                                                                                                              SHA-512:A8738C17CD33D1F7773AF7E3CDC124A5E24D9565F1C89C8BA87892F317EE0A8C67D5838C0C54A706A76820C776325C6374470346942DF5FB8B8FE92AA9898925
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000011
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):259044
                                                                                                                              Entropy (8bit):7.997620484075879
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5BD3F9FAC453FD76EB3C35A9484A8F65
                                                                                                                              SHA1:A7018FD1507281AB7A334F09C7B387CE8545A48B
                                                                                                                              SHA-256:ACC2C045C4145F52B42FA813C669AE1B618139F2166654BD14702160C6681925
                                                                                                                              SHA-512:8ADB301CFEB40AAC9DD65E4F0DBF78A92B886354C26B1118C8E6D3B3F24D6A2984BAE123C1D95EED926EE63F7DCD6A89AEAC7F83FBE090770E92AB5DF71A038F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000012
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PNG image data, 1500 x 928, 8-bit colormap, non-interlaced
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):309031
                                                                                                                              Entropy (8bit):7.985119732800731
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:3FFE3C18B497CA4B735B8A3245DDF89F
                                                                                                                              SHA1:1ADC79AB67E54E37AACE578971A3032ABCD7A850
                                                                                                                              SHA-256:B7C92B03D049902547E7BAE5B14E9E86FA5A1F606C9B28C255EE51906391FEE4
                                                                                                                              SHA-512:2A994DED0884AE84F2F9A70C6F260AC24E61970CB934EBD5FDA3EAA5C28B26659CE41F826C72F178F022D311AD75E9566AAC59CCA647F275F82076A774F1EFED
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000013
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:[TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, frames 3
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):393482
                                                                                                                              Entropy (8bit):7.977719415430583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:7CB1350DD9CF125CFFC3B037E445480C
                                                                                                                              SHA1:971D3B274679C6DBC65AB2A3B65DABCFD267566D
                                                                                                                              SHA-256:D6311B84A62F283FB0269E4C27BB29F4E07224D73E9D749AE1B056AB83F74AB0
                                                                                                                              SHA-512:310F26C7CF346BC2B9CC6F29771B5F380375D8138496D40E4D6FA182BC90ACBB8FE1238355D9EB45E3B25D2A2F4068AB0AC69A7757CDD7492705A6C2D38AA265
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000014
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):76816
                                                                                                                              Entropy (8bit):7.987839149493365
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:154FC29472F497ACDC7AB769BEDD35A0
                                                                                                                              SHA1:6ADF8451F41031B8BBC2C81DD0CFBFFA74997099
                                                                                                                              SHA-256:DA6D8CFFE205448112A2C63272028E69B733DCCE44B594ADDAC39F24BFF544A6
                                                                                                                              SHA-512:F8525A807B85BDA32EA8A79E989AB13B0A6F91C86490DE3A84CAAE23F5CB8FF92DDD41DC9B8BF8246C53C1FC4D55085C8C0919F007F932888E96044EFA7FB18C
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000015
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):944578
                                                                                                                              Entropy (8bit):7.995656737636973
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:9BAE024649B28412FA9EE9F77D9B17B1
                                                                                                                              SHA1:E7E9B20A087740E8989E9CE5D73D9B5D1EAFE2AD
                                                                                                                              SHA-256:2B5943178FFA81030E09898ECD8A4B55886C8543A53B86683F01536A77CAD46A
                                                                                                                              SHA-512:45DA2EA952E8E0BA16F5B69961F20FF142971328A8DD5C9D83E32FB1EF123C18BC5F6CE3C1728D72A7B327B9A1566DD248EBC569FEE35F1A22C9B2EC79772CFE
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000016
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):308538
                                                                                                                              Entropy (8bit):7.993913652685956
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:848FE420612D882D7A4670C3C5BB0E48
                                                                                                                              SHA1:AC415DB4672F97D2CE700D86637597F88A36D915
                                                                                                                              SHA-256:8FF856A58673E6F07C4280CFE287BE910A3CF0CD63603A0BCF1623094BDDD126
                                                                                                                              SHA-512:96FE6B39218E2E5AC5280976089F195ADE43C0D60C10D174CA5B15631D1DCEC417AA36C9F67B1FE7881F8E99D2092693A75B86270E31DACEFB24D529CB2299B7
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000017
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):709602
                                                                                                                              Entropy (8bit):7.995692550285364
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:11FA5F09CBF1A098FE902C609C17F602
                                                                                                                              SHA1:2E164F34C83BC9586A0B22E8BC07A470F95E748A
                                                                                                                              SHA-256:21B60DDACEA5D22ACEADDF1B11C75C55978F4B67BD331F543278C0DA3697F942
                                                                                                                              SHA-512:4FC510814D156E5DC0EE580C3CA1569F784D8671084F049169D0143FC084E0E30FA2D9ED43677105A924F0AA3384B5ADD918A58329A0081965D2A77D1AECB33E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000018
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):840720
                                                                                                                              Entropy (8bit):7.9967504123707185
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:0B3262F6DEFB45535AFFD51B7B87FC9F
                                                                                                                              SHA1:591DD2801C1C8524AA232DD7579F2EF6D2692066
                                                                                                                              SHA-256:120FC65F2FFA9275E97DCCD16EC57A98AA0C7FDA33DF6A7C46694410DD825AE2
                                                                                                                              SHA-512:51A0782D97DEEE448D51309641906A13950C192EA1CB80D36536DCFC149A1D7715BBC0BA71A81B1A0E15EC824A60FCE1E487761DB58B82C1351788F9FF75B99F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_000019
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):579098
                                                                                                                              Entropy (8bit):7.988251382856553
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:65992A1EFD30F254D1E44C7DE0F98201
                                                                                                                              SHA1:C6655741CED9194D704673B494C7B61E31D75CA6
                                                                                                                              SHA-256:AEE322308EAEBD81B2836A3C8AFC4C1B7219AA0A74A416A572FA4EA6D2EE78F0
                                                                                                                              SHA-512:AD5A9AA1FEE01EC9668EE0F748A52E8FBBC1CEF923C3B06F5EA8E3A091D3E72C2279FDCC046633A96DBAF1F34DB1577567403352FBAAB85FAD6E9D0124B1EB28
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00001a
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:[none]x[none], YUV color, decoders should clamp
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):44830
                                                                                                                              Entropy (8bit):7.9954397826354615
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:0D56A71C100A50DDC427754949B3B026
                                                                                                                              SHA1:DAEF4B0B8B2CB1B0A95C2B66AD869DCCF2771AB2
                                                                                                                              SHA-256:067E32483C965155CD18F9062F458D7009D827859C3FA130210AB147B66C9A71
                                                                                                                              SHA-512:C959139AFD5A6FDAA3997F37620FFB76D7A9E465B9F1FE648A4A0FB58E82AE7181981D6A4C119A9D9F31B25CCB0E954ACB1909C248C22F29F14956E931140B19
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\f_00001b
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:RIFF (little-endian) data, Web/P image
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1286438
                                                                                                                              Entropy (8bit):7.976426954579734
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5F5593B57E819BFA4E15F29EC76A09EB
                                                                                                                              SHA1:0D0B398A4AA78A88054523299315760D1E709C08
                                                                                                                              SHA-256:8BB5080B48391B4EBCE82500728795EEA53019989843DAF7D91A0B9512EAECE9
                                                                                                                              SHA-512:3F3F6C755E5B10454FD550ACDD201DDF66D45158E89B1E9785D5DE1B3D6A287CAF145AA62CF0DE22FFBFBAAF6A04ECE4DEC4CEC96AD77339E35A74D7E09C683E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cache\index
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796353
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):368
                                                                                                                              Entropy (8bit):0.3457230943472962
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:66503414065DDDBDE8DFEE3EA30FAED3
                                                                                                                              SHA1:8610F2A61323CC73396F035C66CF04FCE0395466
                                                                                                                              SHA-256:02D5F6D20BDB65A00C30DE6556CB33D404D6792433C590941E5928A76E9F20D4
                                                                                                                              SHA-512:343619BF968CB08ACF62FD49AECA74DF29E461BCC9A50E6AA267710E5C863283CF1BF3950892C368DC55BE8E3CED786B6A8D14C764821012708174BC33427383
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\093f9f222f250b98_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):223
                                                                                                                              Entropy (8bit):5.526264858523634
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:099AFF03848D7D82E02A6FBF75630CBE
                                                                                                                              SHA1:EB901609124B393EF5FF14DDD7989149868AABDD
                                                                                                                              SHA-256:FD2CA4EAEFE763CC45F72C226309CCF6CAAAA0BE1E5A4E5DAC64CF299149EC8B
                                                                                                                              SHA-512:2463B7FBB6651CDD76EFD51BA3B547E5622BE79EEF6D61288861EC2814FDB3D3B88F871AFD0A62CD53AE3F6BDA6582832852BF804CA2F66A17183AA5BA7D5BB1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......_....#x....._keyhttps://cdn.jsdelivr.net/npm/ifvisible@1.1.0/src/ifvisible.min.js .https://sidequestvr.com/.x.=../.....Z.u`.N.......N..F...<... qD..I...T..+..k.d.A..Eo...................A..Eo........Q.........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\24854b666f753b4b_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):192
                                                                                                                              Entropy (8bit):5.3903306712913155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:BFFF7B82EDC7E13D67CD15EB97133E55
                                                                                                                              SHA1:FB13A96B74B47E819347885972F4FA2B1A4EF2F9
                                                                                                                              SHA-256:46085AD9F4EC4D3420D95572FC37481F77D37C6FA87F0D3FC92C409E78470285
                                                                                                                              SHA-512:18FA117220F4EC3C636F4267D519363C33B4323CB011F44D8D16C25718961D3A13897F3F5A81621417129C2898624BFE80B20FF19880CA74F7ACABE2B06F001E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......@...=.<....._keyhttps://sidequestvr.com/scripts.js .https://sidequestvr.com/.|.=../.....Z.u`hO......^...:...;$S0.Y.*d..UY...m...B....A..Eo...................A..Eo.........=........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\37e59f3ea5d0d6d7_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):189
                                                                                                                              Entropy (8bit):5.4287485312945485
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:696B1A3876B3E92725EC2C815B13E918
                                                                                                                              SHA1:7B1DCDB8AC0E069F3FE13ABDF3E07B2BCB55C333
                                                                                                                              SHA-256:3C18F672F702C3F378EE80DBC8CB9B956CE38455476081EB89F911909CE652FE
                                                                                                                              SHA-512:93CAA04D917EB6D1BF1A56AE9CB2C817FCEF37F85C8660941936DE86004F236408C761800CDEBAC0C981A26D24728EA4EB6C58BA3775D9AA8339B988B2E61038
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......=...L.&F...._keyhttps://sidequestvr.com/main.js .https://sidequestvr.com/{..=../.....Z.u`.P........[6I]......n..w..'~.<^...ubl\.e.A..Eo...................A..Eo......x.2.........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\562988b952238ca9_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):194
                                                                                                                              Entropy (8bit):5.381413557345966
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:023E8211B0F0B9299597CB33B3C46A3D
                                                                                                                              SHA1:9F0C7F2DB181EBB05438672AC1C2F2794FE1F36F
                                                                                                                              SHA-256:39226CBBFB4D2488E3B78BE29D78DAB801FB013E2F7DA9C46572FED3D1564464
                                                                                                                              SHA-512:B1414EDD644FAEA542CE2DEF9273F4AB0F17C88BABE9B0D60507A419ABB5BB610383F08B50A431AF9FD38D3676850AF55B6DF4D038D04FDBE3F7D07A373ED335
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......B...=G.e...._keyhttps://sidequestvr.com/polyfills.js .https://sidequestvr.com/|-.=../.....Z.u`:O.......s.......Vb^.x..h......@X.j....A..Eo...................A..Eo........be........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\5c461af63242e1d5_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):238
                                                                                                                              Entropy (8bit):5.687958811752502
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:A23984139F8BA2A734A0BD0C8D93649F
                                                                                                                              SHA1:A222BE79930955F0A6E4B9DACE8EB2BF894CE4AA
                                                                                                                              SHA-256:E3C66B14460DAAF10A94406936D94BE012E8526D1D8C8EAE790C5A939BC9B71A
                                                                                                                              SHA-512:F075339342B1F78DCEB91749823F20FD955754F53ADFAB7CDCB5263BFD0E9BC8F4A15345BDD4DEB440BC6FEE693E4A6383FD41EFC680FC696E3E0E5A45952B5B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......n..........._keyhttps://js.stripe.com/v3/fingerprinted/js/m-outer-fe96732da72c6a6f4c4db1ff14c37915.js .https://stripe.com/...@../.....Z.u`.X........+q.........../..SM...x*...&.A..Eo...................A..Eo.......[`.........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\6384bb2cc563b69d_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):183
                                                                                                                              Entropy (8bit):5.4041282434754105
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:CE36E26E078E968A1626FEE53FD24820
                                                                                                                              SHA1:B6E1EE9F1F652B659F538F888A5A859C2B762C4D
                                                                                                                              SHA-256:24F5F42B8106461CCB5E8CDE7C6A73A01EBB3EDD497465E22076F91496E1FD47
                                                                                                                              SHA-512:18F0BF6C9DD53BEDAB8C419C11DC3C37B2E7EE4F558A2E46629C91C12788CFE24BE7580E5F0575FFE31F7B49387C73807D13A5A1C60128BCBD3B0D58499151AD
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......7.........._keyhttps://js.stripe.com/v3/ .https://sidequestvr.com/M0.=../.....Z.u`.N.........C4.H+[...._$..L...m.zFS.YP.u..A..Eo...................A..Eo........5U........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\6a07430d3848989b_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):216
                                                                                                                              Entropy (8bit):5.718801369385997
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:3629CB21B9112A6EC0AFC41F69467282
                                                                                                                              SHA1:6D772C8FA69B319452259D61007063563667C591
                                                                                                                              SHA-256:19F5C64B225597BDBE8133ED9B40FCD8883E54C3A27045BFDEB2B4E767F3765D
                                                                                                                              SHA-512:F4798C23CC3434AB220635CAA60F097336D49521A9F3934F260E5CF6C4184BBB39718541EAF55F5F9AED6527BDD1EDC04AFB74F2718ABD53123A806A952C7E2D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......X..........._keyhttps://www.googletagmanager.com/gtag/js?id=UA-152732171-1 .https://sidequestvr.com/...=../.....Z.u`.P.......*O.~.K1...I.gRFCL......#...@.A..Eo...................A..Eo.......x.........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\85514aa2ef22a026_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):192
                                                                                                                              Entropy (8bit):5.383831418892902
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:24F17E778CA133DB4E45F9EE3E7336DE
                                                                                                                              SHA1:B6FB8D9FB91E6A039ACBF5479257588D48678FB4
                                                                                                                              SHA-256:5C915C0A8BFEE4CD358F5F226EE840418684C1B9C7713E9A17352A5FED4AB008
                                                                                                                              SHA-512:DB5E2386502DBBD703AF1BAC4840C0C2274CD9940B16FC91B5FB334D10E236A10C8F28E988E3FDE67D274C62C5A4EE206FE18A7266CA25FEEF8D83F0B4CCCA45
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......@...{G89...._keyhttps://sidequestvr.com/runtime.js .https://sidequestvr.com/...=../.....Z.u`.N.......e]..Q.W....M.|8e. ....F8.c..A..Eo...................A..Eo......l.~J........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\8f0990f557feef88_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):229
                                                                                                                              Entropy (8bit):5.595449303497287
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:23E3C5EF0C89C51A95C0F9DD7B2013FD
                                                                                                                              SHA1:C980258AAC745482A13A199C64A4B85C2E811A63
                                                                                                                              SHA-256:604F5BCE8C2416EB3C98C39D9775A4AD1AA7677342B397F494764012D05A610B
                                                                                                                              SHA-512:9CCA1939971FEB0885FD6914CC7F90F66ECF72E6058A8423A6E4AAADD081EEDCDAF01A008E69110AD9F2BD50CB66B2B352A41079DDC96B7A8686445C25D17E52
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......e....^.Y...._keyhttps://cdnjs.cloudflare.com/ajax/libs/spark-md5/3.0.0/spark-md5.min.js .https://sidequestvr.com/wU.=../.....Z.u`.N......6...K.G..q.7....].....v.. ..l.A..Eo...................A..Eo........F.........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\bcd29b94e40a0c30_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):203
                                                                                                                              Entropy (8bit):5.528702502457149
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:4A2B67E52FEB2F42635B864EFB0F30C7
                                                                                                                              SHA1:8A374CC109E961C76F62E8F568EACBCD733924A7
                                                                                                                              SHA-256:CCAE8F3F06938EC419F5C709C33CA5E3A89E3DD08A737E96B4945C7F21F3954D
                                                                                                                              SHA-512:5721C7116268CAEF1C6E71D3257032D9231746A6C1230869A3356039E7446C9D4215D09C94024D1BD389CD24B3EA1AB30308D2790321FFCBBF3087B4AA5C61BC
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......K...]....._keyhttps://www.google-analytics.com/analytics.js .https://sidequestvr.com/,f,=../.....Z.u`.V.......H.)yP.2..... U..}.4....'..e.....A..Eo...................A..Eo........I#........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\cde42a5b30f03d92_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):223
                                                                                                                              Entropy (8bit):5.529336437837428
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5627F14647F962C04476911CD5AB28C1
                                                                                                                              SHA1:05A4493E0AAFEEE2541E869B7468898F2979D542
                                                                                                                              SHA-256:DDE830198982205739B4E923AE2F00A869C20E0CAA6B5D3E4E93A7DBED621575
                                                                                                                              SHA-512:55ED0B308AF730102755C7BB9C36CE710B1D9C3DE7B7E0F3C1F7F7DB4A8C0DA81B5EB528D121046E8F9EC9329DC9F94AB66F50C6D01C376F14FA9C66A8069AEA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m......_...I......_keyhttps://cdnjs.cloudflare.com/ajax/libs/marked/1.0.0/marked.min.js .https://sidequestvr.com/tT.=../.....Z.u`.N......s...2....].....c..Z^..(...R.4.A..Eo...................A..Eo........D.........
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\index
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ISO-8859 text, with no line terminators, with escape sequences
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24
                                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 0\r..m..................
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Code Cache\js\index-dir\temp-index
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):360
                                                                                                                              Entropy (8bit):4.639806262727344
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:E2062C68F559F3BDA6DFAC60EA23D4F2
                                                                                                                              SHA1:2FDC1341D878EFF9A8244A6DA995B81DB17882D6
                                                                                                                              SHA-256:4F60329A6C55AD56EA8F04A583EE8E32757DEAF26418A37149B9BBA9230D99DA
                                                                                                                              SHA-512:321E0D8840E6C2A66DBD4EB89606D021ABA97EF5051C91B391E90346113DA4DA912B7BC40ACE0B1E8B0CA5C2A2EED98977C7B2E2EB3F07C08BF0D99D13618C29
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cookies
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3029000
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):57344
                                                                                                                              Entropy (8bit):0.9202429928314731
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:A70CA105BC9AA21603A478A2E2B72C60
                                                                                                                              SHA1:03F23710F830892CAA4092914B418E82A8E1482B
                                                                                                                              SHA-256:2F70EAACC7C51E14F02FE19DE9ED8AAD460D6A60FC1D6158AEC0B58A5B2C105E
                                                                                                                              SHA-512:AA11442FE0515C79CB3881AC8737E04ACF974435F7CB140F6340656AD12653441D171339DEF193B7156F991DF56A0DFAC53365E3F04B0DD584544FE0025F3C53
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Cookies-journal
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39556
                                                                                                                              Entropy (8bit):0.9073213990504493
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:4737D262AB9EE7C33DBA9CA14D524694
                                                                                                                              SHA1:0146808B29D27697B4D1CC82CA54D8068267BFA0
                                                                                                                              SHA-256:292D04232D20762267A6B918050929615193EA341211CA5C69F729B6B6F6579C
                                                                                                                              SHA-512:88B3BC960B7E25A3ED1DEA7E0AF1E0F5768EA120883101F889AD4647EF4E273D4E5F7B463A8E296A7D7E5B1A96CDF29D53BA94431DE80FEED21543992A5538F4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\GPUCache\data_0
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8192
                                                                                                                              Entropy (8bit):0.01057775872642915
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\GPUCache\data_1
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8784
                                                                                                                              Entropy (8bit):0.05388287069503064
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:E61041A2206FEFC4816BDF31042DE726
                                                                                                                              SHA1:FF53A71E09869BE7F7DF605F8CE9D8941255E225
                                                                                                                              SHA-256:D284E32879481C9178583851DF11A78E531E6C5CAA14A8C69FEE4FAC3411204D
                                                                                                                              SHA-512:AE18E39E0A72697463431AD8DBDFCFD419254729A9B490B5D1CC789CFF9AE655D7E492D67C9D97E75F52B4145AB249F6DC1A2AF101A7136494318AD41A5A2F7D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\GPUCache\data_2
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8192
                                                                                                                              Entropy (8bit):0.011852361981932763
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\GPUCache\data_3
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8192
                                                                                                                              Entropy (8bit):0.012340643231932763
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\GPUCache\index
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796353
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):368
                                                                                                                              Entropy (8bit):0.3511578769559919
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:E66A70D9B4EAD7DAE6DE204BDA3DE741
                                                                                                                              SHA1:6AE71B01365C7A2A98E92ACA7608BC87C59986DF
                                                                                                                              SHA-256:804ED490F64D7D5893B75F06C4BC72DB2D035F058000D246F27DADCA6A81D357
                                                                                                                              SHA-512:69E0316DD1DDEDE8292627174714C3C6669F12E3602D073A0A9711BE88D04EAB782F58B95A7D838814A39C75D44A5570A3FFF47D2B09D775391C7392AD16BBB4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Local Storage\leveldb\000001.dbtmp
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16
                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: MANIFEST-000001.
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Local Storage\leveldb\000003.log
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1343
                                                                                                                              Entropy (8bit):5.633456212919624
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:ABDD984AC89BEEF8E02D72E41EF7EA2C
                                                                                                                              SHA1:6FEDAC2347C1A03D9BF2AC533B0CEAC0B56338B8
                                                                                                                              SHA-256:FEEE9C4DB9D8D459C862AC418B3B25AF3C5166C90CF1651B154CFBD337DF81C5
                                                                                                                              SHA-512:0B617AD5BC1E4F796588E93941A817AFC679D5217F159239C64C6CA747943367E9B44353F3145197D86C931CDC1B990A2E6879D892CCCC153E05699BCD4BFA41
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: _T.R.................VERSION.1..META:file://...........t.._file://..backup-path1.C:\Users\user\AppData\Roaming\SideQuest\backups.._file://..save-path-.C:\Users\user\AppData\Roaming\SideQuest\tmp'.|..................META:https://sidequestvr.com..............#_https://sidequestvr.com..app_index...{"25":"com.JumbliVR.Jigsaw360","85":"com.MyronSoftware.Deisim","307":"com.Virtuleap.Enhance","358":"com.electrichatgames.tothetop","413":"org.godotengine.vrworkout","444":"io.mrscribbles","476":"com.Earthlings.GrandReality","502":"com.AoQ.AttackOnQuest","517":"com.aura.Arrows","549":"com.overrungame.arcaxer","772":"com.MontePerdido.VanishingGrace","812":"com.sloppy.carparkingsimulator","995":"no.xlayer.GhostLeagueDemo","1014":"com.BrothersVR.HarvestVR","1075":"com.survivorman.descent","1086":"com.J7.Hitstream","1192":"com.darkrockstudios.games.vr.fugitive3d","1228":"com.strv.bowmaster","1246":"com.StormingTech.EscapeLegacySideQuest","1781":"com.ShovelTools.GymClass","2104":"aschvr.happyrun.com
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Local Storage\leveldb\LOG
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):70
                                                                                                                              Entropy (8bit):4.715087038949381
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:3487C34DFA15881AF568C00A3023A3C1
                                                                                                                              SHA1:64C2D6DCF46DA30E7F70C4CC48C6ECDDB71A5337
                                                                                                                              SHA-256:6A5429CD01DF57C7CDB9660239C7D685AA0B876C4DE7BC40B6252844AE406478
                                                                                                                              SHA-512:93CB7019CB13E0AE5284A5D028DCBDE8D8B4D7A1FBEF98FD1872BBB783ABCD33E1C9E99906D3652037B8CEA3315EF0CD2243AC01516B913393C79F9936B63BEE
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 2021/01/07-03:43:19.387 1108 Reusing MANIFEST leveldb/MANIFEST-000001.
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Local Storage\leveldb\MANIFEST-000001
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PGP\011Secret Key -
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41
                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: .|.."....leveldb.BytewiseComparator......
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Session Storage\000001.dbtmp
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16
                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: MANIFEST-000001.
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Session Storage\000003.log
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):417
                                                                                                                              Entropy (8bit):4.3288034251231124
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:9AD9A1F6C8E55F942DB2A0727BBF7B7B
                                                                                                                              SHA1:99C8FF28FCECB89F1889A168B7671D322D2B4DBA
                                                                                                                              SHA-256:60AB51AE18ACD62BF1BDE38D45D73349D1066E30D2D4A2BB4B5B640ABD952DAC
                                                                                                                              SHA-512:97B2E2BCC8E54F688408D3E3F4DBDD56651D3E2C6A5F7292D970242E2501A5C5B93BA5B97D676B0C369FA69EFAD5048924EAF16AAC5FE7A619B6D562E8162622
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: *...#................version.1..namespace-...kg................next-map-id.1.Hnamespace-eff2de95_fd4b_48a6_8925_448c0c712ed6-https://m.stripe.network/.0..=$.................map-0-1.1...map-0-_ab.f.a.l.s.e...map-0-_mfn0.1.0.0.1.0.0.1.0.1.1.1.1.1.1.1.1.0.1.0.0.1.1.0.1.1.1.1.1.1.1.1.0.1.1.1.0.0.1.0.1.1.0.1.1.1.1.1.0.1.1.1.1.1.1...map-0-id@e.0.0.3.b.a.3.5.7.a.6.7.f.e.f.5.0.f.1.6.0.6.9.c.f.1.8.c.5.a.6.c...map-0-muffins
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Session Storage\LOG
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):78
                                                                                                                              Entropy (8bit):4.789207034192535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:871AD226C8473B238A418F7B4CD69E5D
                                                                                                                              SHA1:7FEA1BB52D3E047F8CFA7A171502C05DC178B167
                                                                                                                              SHA-256:934C7298B1FB7519216F558F97DCDF80CEBB53E4CC64E53EC76F5F127BDD0194
                                                                                                                              SHA-512:D9B11F4DF2B68952AA12686A7493728CE9AC7E7FCCF27AEB9605BEC711375C5A191D42CBF788D17517C49F1C04316035902764EE2AE09A5E4354846425FA56E1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: 2021/01/07-03:44:02.226 156c Reusing MANIFEST Session Storage/MANIFEST-000001.
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\Session Storage\MANIFEST-000001
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PGP\011Secret Key -
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41
                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: .|.."....leveldb.BytewiseComparator......
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\b2da2775-e8d9-49f3-b9e2-2e2ef7d8e303.tmp
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):59
                                                                                                                              Entropy (8bit):4.619434150836742
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                              SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                              SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                              SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: {"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\AdbWinApi.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):113568
                                                                                                                              Entropy (8bit):6.566874263414715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:B7417108AAEEC26C3A9AE5EE90185AF6
                                                                                                                              SHA1:447C6B314D740884424E271FED390C2CD08E39C8
                                                                                                                              SHA-256:F0755DBF9C54F0016D99CD2BE58F9C1B2D993539511B23934F7CB3CEE4333769
                                                                                                                              SHA-512:409DDAA9B62744BCDEA41321515E689A9FDFCBD28D4CC93B6A0633F712B622E2351B08928384940E32FB0D8D1EB264153AE30C9BCDB062FD85F28C8D21275E16
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\AdbWinUsbApi.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):78752
                                                                                                                              Entropy (8bit):6.567667023751328
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:83E5A57FBC4A89C42B50025C048ABE54
                                                                                                                              SHA1:ABCF3A46CAA93EAE3D0C5C4CC44AAFE239A04E7C
                                                                                                                              SHA-256:13E8191CC51D0B450AF365C209F9957E28D0F9815A467A5C7BFA137C5D6CFC74
                                                                                                                              SHA-512:D27E967F208ECEE29A89E3C277F673B433A968B931AA3F099A140F97FF191AD9F686B41D49F5FE5DFDACDA5446641C23331E9205ABF75BDB392C2C5BD6815AA1
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\NOTICE.txt
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ISO-8859 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):362313
                                                                                                                              Entropy (8bit):4.85461473942343
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:83DA50EDE6298A9B37EAF43AE79F99BC
                                                                                                                              SHA1:7A51F761C74C9B9ECE9DE4BE1DD4483170E97F67
                                                                                                                              SHA-256:A4DC8C23032FAB75F0D3ACA897E8A060C8EDCDB4D799EAE60A65166193C22155
                                                                                                                              SHA-512:B2186DAEA6F2C9F7D55745A9FABB024C3296F1D2F00C2DFE32691337E781D3C5899814AF540BD7A3599E0B0A4D284501D13C344493E72D6CFC09334F2BF0E220
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: Notices for files contained in the tools directory:.============================================================.Notices for file(s):./lib/libfec_rs.a./lib64/libfec_rs.a.------------------------------------------------------------... GNU LESSER GENERAL PUBLIC LICENSE... Version 2.1, February 1999.. Copyright . 1991, 1999 Free Software Foundation, Inc.. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.]..... Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users...
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5208992
                                                                                                                              Entropy (8bit):6.723520085477772
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:A6922D1B0CE58266497BA9DB1A35C900
                                                                                                                              SHA1:F61F447DCA87B5E9072CFEEED1F3D31F68991A51
                                                                                                                              SHA-256:886924EC5FE4037303A3E1FF8888C7A4F1312B9DA53A53F14F1C74785225C27D
                                                                                                                              SHA-512:F13A90D3B46924E590E6FC9AE999CBDEAF01AD3CB8C0F7069C3945940E0311E4795CA5DA4C04C7D62FBA0FB251F0D26A90C4D869609D96AC61C03D39FBCD3DEA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\dmtracedump.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):264096
                                                                                                                              Entropy (8bit):6.577004764717794
                                                                                                                              Encrypted:false
                                                                                                                              MD5:DA3B5BAFA613DA0D1C26F4390C050D99
                                                                                                                              SHA1:C39B510390E6891FF48B5726A3E413C003B5F7F3
                                                                                                                              SHA-256:E7D389149FDE8C058692DDCE4288BC52413A9A9BCE815FB28B6AEE2389904C10
                                                                                                                              SHA-512:B2F06F73B3600D304BC9A8D3CED89DBBBF0A121498348A294EB3BDF39B0A2ADB299539790FDABBEA34D0F08775E76AEBD4ED439B60BD64321339E0FFAB17D65F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\etc1tool.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):442784
                                                                                                                              Entropy (8bit):6.726826624691355
                                                                                                                              Encrypted:false
                                                                                                                              MD5:CF5F77EE2644743A5457D3E31DBE3A16
                                                                                                                              SHA1:7A900B82DE60DBB3E1C55664834797C8D7795E52
                                                                                                                              SHA-256:0693921F7E18A8738933F80193A067D4B5B98CBBCE5EB1743235A0E16F160225
                                                                                                                              SHA-512:06DAAE0E9D93640EDF8F6DE49F7D939985EF148517EFB9D3755741EC926560E266AD7F30525DA845CB83AC5CEF1BDD2AE6953F403A078B95E4E550A11B44E895
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\fastboot.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1412000
                                                                                                                              Entropy (8bit):6.660034706054847
                                                                                                                              Encrypted:false
                                                                                                                              MD5:CA40C13F27AE67C4AC1F1727A4A2F6EC
                                                                                                                              SHA1:51731EAC98C21870408A7B7C35EBC432CEB7D8D2
                                                                                                                              SHA-256:66C7EB1E29941593934E12E65761FD7E7D1B306A991A609A14712387F019E984
                                                                                                                              SHA-512:D63E852C6CE2253815EFC7A0A5D8FBBE2D587568341AB4FAB5F9359E190DB0FA7FC38660DD27CD3ADC82895844038D4DADBF6141274151F55A31F75A4E93EE8F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\hprof-conv.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):59296
                                                                                                                              Entropy (8bit):6.761803177806214
                                                                                                                              Encrypted:false
                                                                                                                              MD5:0579D102B86A59F969EA7C3E08004DA1
                                                                                                                              SHA1:9D40E84231F0F4316D7F0A4EDB4AD09B19095022
                                                                                                                              SHA-256:146567CE2DADBA34C9C70A2633FEFF240A4270189DED6CB7AEA2FA62830CF719
                                                                                                                              SHA-512:CC9266C5A27C54FCBB9840803E11F60CBF16C0A6CA3300A8B5B399A2600BD4894621A927927AB228D5A1462DA59F84461C05057602F3E7EA97DC187727D8084E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\libwinpthread-1.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):247376
                                                                                                                              Entropy (8bit):5.927846526173433
                                                                                                                              Encrypted:false
                                                                                                                              MD5:5BFF399845348611D1EB52BC3A3ECA7E
                                                                                                                              SHA1:B4CD9986A8F1D796016716AF07364D2EBBEEB984
                                                                                                                              SHA-256:7108C5036D6ED59F62A43D4CC556554DCE7C78DFFE3179DC30909E84A5EEAB98
                                                                                                                              SHA-512:125E5B3D4CAD8A661FF2451D7DD9AE541B4B35BDF4C36978029DD8A1D5FF71056A5B69D6E35D30009CCF0B1AB99358AD60074C10E291859C62C5B352401DA541
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\make_f2fs.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):508832
                                                                                                                              Entropy (8bit):6.709767743408933
                                                                                                                              Encrypted:false
                                                                                                                              MD5:456388EAE77E4D87CC0D53302005F993
                                                                                                                              SHA1:9ECB9B6721AD7BE29BC4CFE31A6B3BF48F44805F
                                                                                                                              SHA-256:86F4C40AFF64C7B8F14F779727B4EF7E80A43B6784DC711B22F614E84BFE34A2
                                                                                                                              SHA-512:5D2750E1B791C2DA22E6A0C22CE33C76B201FFD477A0ED99D6213D9AF7541258D3AE7B89CF944C0F193613E3326B62583EF1BFBA5A4B74EFB9BE0E747B794EB7
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\mke2fs.conf
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1157
                                                                                                                              Entropy (8bit):4.2433656306527565
                                                                                                                              Encrypted:false
                                                                                                                              MD5:699098CA95F87BA48BB94A3E848549B3
                                                                                                                              SHA1:50A060B26D000908D3C664600D61D3027FAE0FA9
                                                                                                                              SHA-256:AD58A58DCDD24D85055814CA9CAC67DB89D4E67C434E96774BDCE0D0A007D067
                                                                                                                              SHA-512:C46FE3CF5C09D81407D0A5C24CB9BCCBDF2D4D40F310B9EC8C4C4336D1F2356E6E9D1E33A2080F52BD6B6F77732EC155060D97558BD5B5B719BC389EB6D24DB4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: [defaults]. base_features = sparse_super,large_file,filetype,dir_index,ext_attr. default_mntopts = acl,user_xattr. enable_periodic_fsck = 0. blocksize = 4096. inode_size = 256. inode_ratio = 16384. reserved_ratio = 1.0..[fs_types]. ext3 = {. features = has_journal. }. ext4 = {. features = has_journal,extent,huge_file,dir_nlink,extra_isize,uninit_bg. inode_size = 256. }. ext4dev = {. features = has_journal,extent,huge_file,flex_bg,inline_data,64bit,dir_nlink,extra_isize. inode_size = 256. options = test_fs=1. }. small = {. blocksize = 1024. inode_size = 128. inode_ratio = 4096. }. floppy = {. blocksize = 1024. inode_size = 128. inode_ratio = 8192. }. big = {. inode_ratio = 32768. }. huge = {. inode_ratio = 65536. }. news = {. inode_ratio = 4096. }. largefile = {. inode_ratio = 1048576. blocksize = -
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\mke2fs.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):768416
                                                                                                                              Entropy (8bit):6.761412427340894
                                                                                                                              Encrypted:false
                                                                                                                              MD5:D9992E1AD0CF98BF746DB250ECC32982
                                                                                                                              SHA1:3BFC4F5B25119642715925516485C6F31B2CB08E
                                                                                                                              SHA-256:B05F7D13141BDFFA7B9C5F1B756ED8A1DDD1B608632849A296BB1E98BD8D83D6
                                                                                                                              SHA-512:47B9637A694402C4D523941C682670DEA7FF97724847EC44E396C8DA57349953926AE4408ACA035E573A996F782AC30E3C3F5E931E499F943114D5B32E7AC855
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\source.properties
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):38
                                                                                                                              Entropy (8bit):4.366091329119193
                                                                                                                              Encrypted:false
                                                                                                                              MD5:B52F2D5EE0313A147A8FDE51599BA4D3
                                                                                                                              SHA1:76399E19E2E6012CDA718F07F08B9839C6C1CF46
                                                                                                                              SHA-256:04DD9912F1106A50FCDE23AF3287BAE2BC76BA1A050DDA10F02FBA3086A8813C
                                                                                                                              SHA-512:25BB022049708CB254AA24BAFC27FD0CE63FC7F324C27A9C5CAB991B8B3132E470F1FEC6B5C99D77810DED735FA266107AF992D1407D2966DCC2FA0B992E1B23
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: Pkg.UserSrc=false.Pkg.Revision=30.0.4.
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\platform-tools\sqlite3.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1217440
                                                                                                                              Entropy (8bit):6.578688636172767
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:10F057F635D987DCEB0F5403EDBEB639
                                                                                                                              SHA1:45C5385582C6B10381F14B43C97F5EE5613238EC
                                                                                                                              SHA-256:10B530AE001765B1FBD216177CE96721B08C49CE1C9FB8454996F43D93A121CE
                                                                                                                              SHA-512:775246F7DA8B9F7A70AA8477F875335AB2C09E626B4790CC849F8E21F9D3C72638C07EB87D7F3926D35E5531E8CEDB43EDD93161085DA5CCD098E8E14FDA65BA
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy.zip
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Zip archive data, at least v2.0 to extract
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):23429525
                                                                                                                              Entropy (8bit):7.997707632674546
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:54CB2FF20A1B634AC0B8773CA0F0B0AF
                                                                                                                              SHA1:A7C5526328536899C09549C5C1D37C44A52085AE
                                                                                                                              SHA-256:3802C9EA0307D437947FF150EC65E53990B0BEAACD0C8D0BED19C7650CE141BD
                                                                                                                              SHA-512:D905B4D0FE145C4F22C573A9298E18AE38C3D930DDB1645F6099D0C1555F5F43D9A978066289A0B74962A13286B8BDE88FCFE508700A6CD9DB85224A3DAE0A8B
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\AdbWinApi.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):97792
                                                                                                                              Entropy (8bit):6.290809134958502
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:ED5A809DC0024D83CBAB4FB9933D598D
                                                                                                                              SHA1:0BC5A82327F8641D9287101E4CC7041AF20BAD57
                                                                                                                              SHA-256:D60103A5E99BC9888F786EE916F5D6E45493C3247972CB053833803DE7E95CF9
                                                                                                                              SHA-512:1FDB74EE5912FBDD2C0CBA501E998349FECFBEF5F4F743C7978C38996AA7E1F38E8AC750F2DC8F84B8094DE3DD6FA3F983A29F290B3FA2CDBDAED691748BAF17
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\AdbWinUsbApi.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):62976
                                                                                                                              Entropy (8bit):6.157225899022573
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:0E24119DAF1909E398FA1850B6112077
                                                                                                                              SHA1:293EEDADB3172E756A421790D551E407457E0A8C
                                                                                                                              SHA-256:25207C506D29C4E8DCEB61B4BD50E8669BA26012988A43FBF26A890B1E60FC97
                                                                                                                              SHA-512:9CBB26E555AB40B019A446337DB58770B9A0C9C08316FF1E1909C4B6D99C00BD33522D05890870A91B4B581E20C7DCE87488AB0D22FC3C4BBDD7E9B38F164B43
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\SDL2.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1401344
                                                                                                                              Entropy (8bit):6.593229349745219
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:02CC3EEF36DB9438ED33440354054E41
                                                                                                                              SHA1:F6A4A0EFF2C51E9540A541ED22740E687F4FCF81
                                                                                                                              SHA-256:5D66BD7C48A61FF952475EC3492FCAD67A81E626D849F00824D2B6442ADF8D2F
                                                                                                                              SHA-512:7450EBB5F9123A524D40760D63BDAF93B9A96D219543821D5231C85428F9959E4353EB1604328DC79152F2EA1610D47BD063861BB434FAFB5C15A5A816E327CC
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\adb.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2583552
                                                                                                                              Entropy (8bit):6.904573623601341
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:C752064585CE1C47CF113FC776E0D678
                                                                                                                              SHA1:91F594BFD06BA34BDC4A0ACD2B0D570DA0FEB7BC
                                                                                                                              SHA-256:F1F654DF0A74B171DA34750B4FF34F15A49B75D45AED54123B72998AEF619968
                                                                                                                              SHA-512:08F3E8F4139294781765E822747F6F3C09370C093E259F3C0B9E07E8629A497D1720951B4C99606B3B86F5D5D15C213B1559D710BC8D00CEF18F90732098647B
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avcodec-58.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):46985728
                                                                                                                              Entropy (8bit):6.719574508140584
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:EE9C285459C33E33BF1C145AB05E175D
                                                                                                                              SHA1:4EBF9DD4575467946D0F8D60858C52A1F2FB608E
                                                                                                                              SHA-256:411837A7204DF8CF5AF8C3F4E7D23A25868BC33A8F4AE0F423A9282EBC6253CD
                                                                                                                              SHA-512:4600DCE4F450AA4443A75B1A627252CD6D8206BAAA15DB54068AB7ED2F45DB63678F48E192E85D835C403FBA1F9BABC046248E6319CDA9E867680DF36F94FB8E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avformat-58.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10319872
                                                                                                                              Entropy (8bit):6.485206371981219
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5AD6A07957E3E5653AD3649D58E2E3E0
                                                                                                                              SHA1:BCA48B4A11B3DCC668B2F78E111CA5AE36F19E62
                                                                                                                              SHA-256:7B299604FEE5D8C8AD4AE5FBF145B2B0B0ED9423D877B9A694D627540DB496D9
                                                                                                                              SHA-512:D3C8596BC2F6BA6EFFD4F21F7A3AABA0CC82D518C30B8B3C58B1986ED5FA349F54DF8CAD5E69DC029F327F5E4B8134770CC9F71572765964964774FB31C1689F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\avutil-56.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):793088
                                                                                                                              Entropy (8bit):6.420121465153679
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:D5597B186FA8FEA2CAA07C9079303409
                                                                                                                              SHA1:40FCDF817E4CF1A01D4F747370DE95A99EF332F9
                                                                                                                              SHA-256:0956533BB020DC5EC6A55174B46BB130C423EAC520F084D8E4CE7A0490F60098
                                                                                                                              SHA-512:014F401EB3B0056BF07078D3EC534F6639648AFE7E45A6C76052DCDA5E7CFE97C6DF051D5B0CE8F3A6980BF0A9528427066794BC7280FF99F0ADFF0498DAF77F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\scrcpy-noconsole.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):486345
                                                                                                                              Entropy (8bit):5.902617920518084
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:7E481F2EDEA5C64544ECC7CDE8685591
                                                                                                                              SHA1:530EECFBFE44418232BBF257C66EC488578C806D
                                                                                                                              SHA-256:534DEC562877FAD1DBC5DEAB5B8939CF58C7F2D60C6F5B58536A826E4AEBCD47
                                                                                                                              SHA-512:A46F8423063895CF639AB8E96440A3D6E6EC04C0C6445AB69732311AAC3BD4E915C6356A063795EA254CA65BDED210287F891296EC194C0FE799D14142BDC439
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\scrcpy-server
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:Zip archive data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25454
                                                                                                                              Entropy (8bit):7.944487008055899
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:E1BB58C68CD02560C7383775BE7E08AD
                                                                                                                              SHA1:B77B62F9A193C870F56BBC9EBAE1D02620593FF3
                                                                                                                              SHA-256:FF3A454012E91D9185CFE8CA7691CEA16C43A7DCC08E92FA47AB9F0EA675ABD1
                                                                                                                              SHA-512:DC8756BEFA433BCA97C6A3A6748C41A2817EE8C77267713DA81B1EE673EA107FDFFCDE94AEB6B74F69937307CF63B21BDAB9DA4FC71FC2531F520A0C9ADD7A3F
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\scrcpy.exe
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):486521
                                                                                                                              Entropy (8bit):5.9043557827808115
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:4582D6B724D3CEB9C65D7676F04BB8B9
                                                                                                                              SHA1:5DBB932ED3D6769B1F33CF5B50D80C92A766640F
                                                                                                                              SHA-256:778E2E40DA94B7D6045EF8CCBA21F6A232643093B203C9F6E726FBBED9619E30
                                                                                                                              SHA-512:5AD9670F4A7A0A1193DD642D3933F38A139005E367D854B8F06CE920070B7F35B2A8879D19FA12956798F16A4191FEB2CE9684C5F4DE56DE2F37F54E55162B5E
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\swresample-3.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):428544
                                                                                                                              Entropy (8bit):6.542592027899986
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:4943EB4D3854F08B480B33A6DDB69A91
                                                                                                                              SHA1:4926B1DD8E0A42563F0D29671216ECF0CE62AE9B
                                                                                                                              SHA-256:E48462096C27A5A3D31FED7AFBF24AE819EE726D538924D61EDD0EA51A6FD15D
                                                                                                                              SHA-512:65E7CA468960903471F55773FC3BCF3518CE0CC18878A227CC8B12E863195C88B3FCC289D05ECB797F49E87B9D1786861D996FE542F6B55BE76682193D28592D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\scrcpy\swscale-5.dll
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):544768
                                                                                                                              Entropy (8bit):6.542862122493946
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:06D90A125C4D8E15F1994D842BFC9E45
                                                                                                                              SHA1:9B9E125204F4A019DAEA62861182C70948E1E34F
                                                                                                                              SHA-256:22B8AC6CB12CB1D66C6F59357ADF5BC6318AD05B62DC3A2240C78F7439F3246D
                                                                                                                              SHA-512:90053D8265C07CA6F681AE462DE323EE85E3B06BB0957D1E2E908C9C834D9778074F31FC5FC50207EE7DBE7DF46B5F4128CBD29BD5FB75E55C6E5893FD625842
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\AppData\Roaming\SideQuest\state-storage.json
                                                                                                                              Process:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):168
                                                                                                                              Entropy (8bit):3.8417337881970157
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:E55B94CCF138B7EE1363AC71D9EA78DE
                                                                                                                              SHA1:069FA670AE467CA9F7255089FBD6F16A6CC01ACD
                                                                                                                              SHA-256:8AA9E7173FD530285BBC1407294A55E0A61FCF73CF20AD19704E123A58E9EE46
                                                                                                                              SHA-512:2CBF482EAD552CE95309DF8183393E12E56994D29A95F526A7C5FE66F982BD7903EBC563E22CAE0046A25C248506521B3FFA8BB1085940CB9EE6389D23721DE8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: {. "windowState": {. "mode": "normal",. "x": 128,. "y": 108,. "width": 1024,. "height": 768,. "display": 2528732444. }.}
                                                                                                                              C:\Users\user\Desktop\SideQuest.lnk
                                                                                                                              Process:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Jan 7 10:40:59 2021, mtime=Thu Jan 7 10:41:03 2021, atime=Thu Oct 29 19:21:38 2020, length=104846752, window=hide
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):4929
                                                                                                                              Entropy (8bit):3.8591579908707683
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:5360C28E17CD641AEFA1BE3054EFD127
                                                                                                                              SHA1:53AF7726F85A56704D87E04061E3AA8B60AF0AC6
                                                                                                                              SHA-256:C06EC5203DB58B6EF4068373F10F911E0455869072607B66113C825F0B3E8E0C
                                                                                                                              SHA-512:7AD26665F559FC4FE9BD4A8F1DA1F56FC57BEFB9A65A5A51ACFA4DE52486B4722311E0EC56A8228D0004ADAFBEA2FE404EEF70C40A49DFBA3CCCE32752F16B0D
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              C:\Users\user\Desktop\cmdline.out
                                                                                                                              Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):93848
                                                                                                                              Entropy (8bit):2.31443225717334
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:94BA593D1259A517E24667A7F356B876
                                                                                                                              SHA1:6C79C93FB6DBA72D5F788DCD84BDD8FC4B703CBB
                                                                                                                              SHA-256:E2E7DB3BCE615EB5315BDEE51BE192B24A030FECA321FFE044BF10B0B5669010
                                                                                                                              SHA-512:7C5A821871291D8D19FCA205F4C210185D9C347A19FB81815DDF1E04B3B903C262B8D0D16AC50EDE4688592FBA5FFC6C5717D797F8377B3E411C398D0CFDED04
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: --2021-01-07 03:39:46-- https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe..Resolving github.com (github.com)... 140.82.121.3..Connecting to github.com (github.com)|140.82.121.3|:443... connected...HTTP request sent, awaiting response... 302 Found..Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/254852798/66286400-1a24-11eb-8bb4-763a27eb1439?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210107%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210107T023947Z&X-Amz-Expires=300&X-Amz-Signature=5e901843d44c661329ff0143d71c9d0e7b9255caeee08c089f56922daca2e66b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=254852798&response-content-disposition=attachment%3B%20filename%3DSideQuest-Setup-0.10.18-x64-win.exe&response-content-type=application%2Foctet-stream [following]..--2021-01-07 03:39:46-- https://github-production-release-asset-2e65be.s3.amazonaws.com/254852798/66286400-1a24-11eb-
                                                                                                                              C:\Users\user\Desktop\download\.wget-hsts
                                                                                                                              Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):169
                                                                                                                              Entropy (8bit):5.125132955335306
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:
                                                                                                                              MD5:16E97C8FF354AC00855792F2CA9AE35F
                                                                                                                              SHA1:6513B9B56587BD20AC3628F1E0A1A79A3C075387
                                                                                                                              SHA-256:809E895C615C1EFF926E30460750244A04014BBB7FC1818B6E4DBF277ACB7D68
                                                                                                                              SHA-512:026C7BE75AC12FBAACA718407A419CBA543E3FF470B64C5894BE732C3FF92B4DB895202D601886A036261AD5E9DE4FF6A0DF42BBB4A556EDC863035A0F3E4ED6
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview: # HSTS 1.0 Known Hosts database for GNU Wget...# Edit at your own risk...# <hostname>.<port>.<incl. subdomains>.<created>.<max-age>..github.com.0.1.1610019586.31536000..
                                                                                                                              C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60406464
                                                                                                                              Entropy (8bit):7.999626738995975
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:
                                                                                                                              MD5:7D2DF347C736EF512461B7F8764FAE3E
                                                                                                                              SHA1:DE6353F26BB4158CE96D716BE8D4B1AAFBAC7311
                                                                                                                              SHA-256:9B787162EDB7C1AA52CAD220F9EF6C4AE200DD10AD83D5612E81595E2B5E5DD8
                                                                                                                              SHA-512:FBCBEA56B262858459F0CEA1AE86AF40327070FBE731C3FB7E2DC1B4D94D720468883DCD4593A4CDE4A98C78FBC18C231210075ECAB52B0DF8FE1F1D9245ECA3
                                                                                                                              Malicious:true
                                                                                                                              Reputation:low

                                                                                                                              Static File Info

                                                                                                                              No static file info

                                                                                                                              Network Behavior

                                                                                                                              No network behavior found

                                                                                                                              Code Manipulations

                                                                                                                              Statistics

                                                                                                                              CPU Usage

                                                                                                                              Memory Usage

                                                                                                                              High Level Behavior Distribution

                                                                                                                              Behavior

                                                                                                                              System Behavior

                                                                                                                              General

                                                                                                                              Start time:03:39:44
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe' > cmdline.out 2>&1
                                                                                                                              Imagebase:0xbd0000
                                                                                                                              File size:232960 bytes
                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:39:44
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6b2800000
                                                                                                                              File size:625664 bytes
                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:39:45
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Windows\SysWOW64\wget.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://github.com/SideQuestVR/SideQuest/releases/download/v0.10.18/SideQuest-Setup-0.10.18-x64-win.exe'
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:3895184 bytes
                                                                                                                              MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:40:42
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:'C:\Users\user\Desktop\download\SideQuest-Setup-0.10.18-x64-win.exe'
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:60406464 bytes
                                                                                                                              MD5 hash:7D2DF347C736EF512461B7F8764FAE3E
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:41:32
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe'
                                                                                                                              Imagebase:0x7ff673090000
                                                                                                                              File size:104846752 bytes
                                                                                                                              MD5 hash:63573D4D9A8C29452F403D1550E5FE54
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 0%, Metadefender, Browse
                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:42:04
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=gpu-process --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12728197902706830190 --mojo-platform-channel-handle=1628 --ignored=' --type=renderer ' /prefetch:2
                                                                                                                              Imagebase:0x7ff673090000
                                                                                                                              File size:104846752 bytes
                                                                                                                              MD5 hash:63573D4D9A8C29452F403D1550E5FE54
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:42:36
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=utility --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --service-request-channel-token=3526878006382652745 --mojo-platform-channel-handle=1944 /prefetch:8
                                                                                                                              Imagebase:0x7ff673090000
                                                                                                                              File size:104846752 bytes
                                                                                                                              MD5 hash:63573D4D9A8C29452F403D1550E5FE54
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:43:07
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --node-integration --webview-tag --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18296386878395334769 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
                                                                                                                              Imagebase:0x7ff673090000
                                                                                                                              File size:104846752 bytes
                                                                                                                              MD5 hash:63573D4D9A8C29452F403D1550E5FE54
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:43:41
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:'C:\Users\user\AppData\Local\Programs\SideQuest\SideQuest.exe' --type=renderer --field-trial-handle=1608,7911317080851565483,16229294364268453853,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path='C:\Users\user\AppData\Local\Programs\SideQuest\resources\app.asar' --no-sandbox --no-zygote --background-color=#fff --guest-instance-id=2 --enable-blink-features --disable-blink-features --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8579970539687415093 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
                                                                                                                              Imagebase:0x7ff673090000
                                                                                                                              File size:104846752 bytes
                                                                                                                              MD5 hash:63573D4D9A8C29452F403D1550E5FE54
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:43:54
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe start-server
                                                                                                                              Imagebase:0x1250000
                                                                                                                              File size:5208992 bytes
                                                                                                                              MD5 hash:A6922D1B0CE58266497BA9DB1A35C900
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:43:55
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6b2800000
                                                                                                                              File size:625664 bytes
                                                                                                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              General

                                                                                                                              Start time:03:43:58
                                                                                                                              Start date:07/01/2021
                                                                                                                              Path:C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:adb -L tcp:5037 fork-server server --reply-fd 636
                                                                                                                              Imagebase:0x1250000
                                                                                                                              File size:5208992 bytes
                                                                                                                              MD5 hash:A6922D1B0CE58266497BA9DB1A35C900
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low

                                                                                                                              Disassembly

                                                                                                                              Code Analysis

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:29%
                                                                                                                                Dynamic/Decrypted Code Coverage:3.5%
                                                                                                                                Signature Coverage:20.5%
                                                                                                                                Total number of Nodes:1574
                                                                                                                                Total number of Limit Nodes:44

                                                                                                                                Graph

4607->4611 4610 402d2c SetFilePointer MultiByteToWideChar 4610->4611 4611->4601 4611->4602 4611->4604 4611->4605 4611->4606 4611->4607 4611->4610 4612 40672b SetFilePointer 4611->4612 4613 406747 4612->4613 4616 406762 4612->4616 4614 406eb0 ReadFile 4613->4614 4615 406753 4614->4615 4615->4616 4617 406793 SetFilePointer 4615->4617 4618 40676b SetFilePointer 4615->4618 4616->4611 4617->4616 4618->4617 4619 406776 4618->4619 4620 406f77 WriteFile 4619->4620 4620->4616 4621->4601 4328 402a54 4339 403395 4328->4339 4331 403312 17 API calls 4332 402a67 4331->4332 4333 402a75 RegQueryValueExW 4332->4333 4337 401734 4332->4337 4334 402a9f 4333->4334 4335 402a98 4333->4335 4334->4337 4338 402a35 RegCloseKey 4334->4338 4335->4334 4344 406a5b wsprintfW 4335->4344 4338->4337 4340 403312 17 API calls 4339->4340 4341 4033ad 4340->4341 4342 406583 RegOpenKeyExW 4341->4342 4343 402a5e 4342->4343 4343->4331 4344->4334 4355 401f56 4356 4032d6 17 API calls 4355->4356 4357 401f5d 4356->4357 4358 4032d6 17 API calls 4357->4358 4359 401f6a 4358->4359 4360 401f7d 4359->4360 4361 403312 17 API calls 4359->4361 4362 401f92 4360->4362 4365 403312 17 API calls 4360->4365 4361->4360 4363 401fec 4362->4363 4364 401f9d 4362->4364 4367 403312 17 API calls 4363->4367 4366 4032d6 17 API calls 4364->4366 4365->4362 4368 401fa2 4366->4368 4369 401ff1 4367->4369 4370 4032d6 17 API calls 4368->4370 4371 403312 17 API calls 4369->4371 4372 401fad 4370->4372 4373 401ffa FindWindowExW 4371->4373 4374 401fba SendMessageTimeoutW 4372->4374 4375 401fdd SendMessageW 4372->4375 4376 402017 4373->4376 4374->4376 4375->4376 4627 401d57 ExpandEnvironmentStringsW 4628 401d65 4627->4628 4630 401d77 4627->4630 4629 401d6b lstrcmpW 4628->4629 4628->4630 4629->4630 4631 402ed8 4632 403312 17 API calls 4631->4632 4633 402ee4 4632->4633 4634 402efb 4633->4634 4635 403312 17 API calls 4633->4635 4636 4070fb 2 API calls 4634->4636 4635->4634 4637 402f01 4636->4637 4663 406e83 GetFileAttributesW CreateFileW 4637->4663 
4639 402f0e 4640 402f20 GlobalAlloc 4639->4640 4641 402fd8 4639->4641 4643 402f40 4640->4643 4661 402fc8 CloseHandle 4640->4661 4642 406af2 9 API calls 4641->4642 4644 402fe4 4642->4644 4664 403418 SetFilePointer 4643->4664 4647 403000 4644->4647 4648 402fee DeleteFileW 4644->4648 4650 4033f1 24 API calls 4647->4650 4648->4647 4649 402f46 4651 403402 ReadFile 4649->4651 4655 403006 4650->4655 4652 402f50 GlobalAlloc 4651->4652 4653 402fa5 4652->4653 4654 402f66 4652->4654 4657 406f77 WriteFile 4653->4657 4656 40342f 31 API calls 4654->4656 4662 402f75 4656->4662 4658 402fb7 GlobalFree 4657->4658 4660 40342f 31 API calls 4658->4660 4659 402f9b GlobalFree 4659->4653 4660->4661 4661->4641 4662->4659 4663->4639 4664->4649 4377 40425a 4378 404293 4377->4378 4379 4042ca 4377->4379 4455 406fa8 GetDlgItemTextW 4378->4455 4381 4042d6 GetDlgItem GetAsyncKeyState 4379->4381 4382 404379 4379->4382 4384 4042f4 GetDlgItem 4381->4384 4389 404315 4381->4389 4385 40445d 4382->4385 4390 40462c 4382->4390 4395 406119 17 API calls 4382->4395 4383 40429e 4386 407252 5 API calls 4383->4386 4387 4056fe 18 API calls 4384->4387 4385->4390 4453 406fa8 GetDlgItemTextW 4385->4453 4392 4042a4 4386->4392 4388 404308 ShowWindow 4387->4388 4388->4389 4393 40432f SetWindowTextW 4389->4393 4398 407123 4 API calls 4389->4398 4397 40594c 8 API calls 4390->4397 4396 405a4c 5 API calls 4392->4396 4400 4056fe 18 API calls 4393->4400 4394 40448a 4399 406a74 18 API calls 4394->4399 4401 4043ea SHBrowseForFolderW 4395->4401 4402 4042a9 GetDlgItem 4396->4402 4403 404643 4397->4403 4404 404325 4398->4404 4405 404490 4399->4405 4406 404350 4400->4406 4401->4385 4407 404405 CoTaskMemFree 4401->4407 4402->4390 4408 4042b9 IsDlgButtonChecked 4402->4408 4404->4393 4412 40699c 3 API calls 4404->4412 4454 40708c lstrcpynW 4405->4454 4410 4056fe 18 API calls 4406->4410 4411 40699c 3 API calls 4407->4411 4408->4379 4414 40435f 4410->4414 4415 404412 4411->4415 4412->4393 4413 4044aa 4416 406e4e 5 API calls 4413->4416 
4452 4056e7 SendMessageW 4414->4452 4418 404449 SetDlgItemTextW 4415->4418 4421 406119 17 API calls 4415->4421 4427 4044b0 4416->4427 4418->4385 4419 404365 4420 406e4e 5 API calls 4419->4420 4424 40436c 4420->4424 4425 404431 lstrcmpiW 4421->4425 4422 404504 4456 40708c lstrcpynW 4422->4456 4423 4044b8 GetDiskFreeSpaceExW 4423->4427 4439 404559 4423->4439 4424->4390 4428 404374 SHAutoComplete 4424->4428 4425->4418 4429 404442 lstrcatW 4425->4429 4427->4422 4427->4423 4432 407225 2 API calls 4427->4432 4436 4044ff 4427->4436 4428->4382 4429->4418 4430 40450b 4431 407123 4 API calls 4430->4431 4433 404511 4431->4433 4432->4427 4434 404515 4433->4434 4435 40451a GetDiskFreeSpaceW 4433->4435 4434->4435 4437 404579 4435->4437 4438 404539 MulDiv 4435->4438 4436->4422 4437->4439 4438->4439 4440 4045d8 4439->4440 4457 405744 4439->4457 4442 4045fb 4440->4442 4443 4014e3 79 API calls 4440->4443 4465 405687 KiUserCallbackDispatcher 4442->4465 4443->4442 4445 4045be 4447 4045c4 4445->4447 4448 4045da SetDlgItemTextW 4445->4448 4446 40461b 4446->4390 4450 404627 4446->4450 4449 405744 20 API calls 4447->4449 4448->4440 4449->4440 4466 405720 SendMessageW 4450->4466 4452->4419 4453->4394 4454->4413 4455->4383 4456->4430 4458 405759 4457->4458 4459 406119 17 API calls 4458->4459 4460 4057ed 4459->4460 4461 406119 17 API calls 4460->4461 4462 4057f9 4461->4462 4463 406119 17 API calls 4462->4463 4464 405805 lstrlenW wsprintfW SetDlgItemTextW 4463->4464 4464->4445 4465->4446 4466->4390 4665 402e5d 4666 402e63 4665->4666 4667 402e6b FindClose 4666->4667 4668 40316f 4666->4668 4667->4668 4669 40305f 4670 4032d6 17 API calls 4669->4670 4672 402e56 4670->4672 4671 403091 4673 4030b6 4671->4673 4674 4030a6 4671->4674 4672->4669 4672->4671 4675 401734 4672->4675 4677 406119 17 API calls 4673->4677 4676 4032d6 17 API calls 4674->4676 4676->4675 4677->4675 4678 32713b8 4679 327143a 2 API calls 4678->4679 4680 32713e4 4679->4680 4681 32710d0 29 API calls 4680->4681 4682 32713ee 4681->4682 
4683 32714cf 3 API calls 4682->4683 4684 32713f7 4683->4684 4685 402b63 4686 403312 17 API calls 4685->4686 4688 401c8d 4686->4688 4688->4685 4689 402b81 4688->4689 4690 406e83 GetFileAttributesW CreateFileW 4688->4690 4690->4688 4691 402ae7 4692 403395 17 API calls 4691->4692 4693 402af1 4692->4693 4694 4032d6 17 API calls 4693->4694 4695 402afa 4694->4695 4696 402b28 RegEnumValueW 4695->4696 4697 402b1c RegEnumKeyW 4695->4697 4699 401734 4695->4699 4698 402ab4 4696->4698 4696->4699 4697->4698 4698->4699 4700 402a35 RegCloseKey 4698->4700 4700->4699 3743 4024ea 3744 403312 17 API calls 3743->3744 3745 4024f1 3744->3745 3746 403312 17 API calls 3745->3746 3747 4024fc 3746->3747 3748 403312 17 API calls 3747->3748 3749 402507 3748->3749 3750 403312 17 API calls 3749->3750 3751 402512 3750->3751 3752 403312 17 API calls 3751->3752 3753 402522 3752->3753 3754 402567 3753->3754 3755 403312 17 API calls 3753->3755 3756 406af2 9 API calls 3754->3756 3755->3754 3757 402584 CoCreateInstance 3756->3757 3758 4025a9 3757->3758 4701 401e6a 4702 403312 17 API calls 4701->4702 4703 401e71 4702->4703 4704 4032d6 17 API calls 4703->4704 4705 401e7a wsprintfW 4704->4705 4706 4020eb GetDC 4707 4032d6 17 API calls 4706->4707 4708 4020fb GetDeviceCaps MulDiv ReleaseDC 4707->4708 4709 4032d6 17 API calls 4708->4709 4710 40212b 4709->4710 4711 406119 17 API calls 4710->4711 4712 402165 CreateFontIndirectW 4711->4712 4713 4030eb 4714 4032d6 17 API calls 4713->4714 4715 4030f1 4714->4715 4716 406119 17 API calls 4715->4716 4717 401734 4715->4717 4716->4717 3818 4039ed SetErrorMode GetVersion 3819 403a28 3818->3819 3820 403a2e 3818->3820 3821 406e4e 5 API calls 3819->3821 3822 40643f 3 API calls 3820->3822 3821->3820 3823 403a44 lstrlenA 3822->3823 3823->3820 3824 403a53 3823->3824 3825 406e4e 5 API calls 3824->3825 3826 403a5a 3825->3826 3827 406e4e 5 API calls 3826->3827 3828 403a61 3827->3828 3829 406e4e 5 API calls 3828->3829 3830 403a6d #17 OleInitialize SHGetFileInfoW 3829->3830 3909 
40708c lstrcpynW 3830->3909 3833 403abd GetCommandLineW 3910 40708c lstrcpynW 3833->3910 3835 403acf 3836 406a3c CharNextW 3835->3836 3837 403af5 CharNextW 3836->3837 3838 403bb3 GetTempPathW 3837->3838 3849 403b0c 3837->3849 3911 403ea0 3838->3911 3840 403bcb 3841 403c25 DeleteFileW 3840->3841 3842 403bcf GetWindowsDirectoryW lstrcatW 3840->3842 3921 4036d7 GetTickCount GetModuleFileNameW 3841->3921 3844 403ea0 12 API calls 3842->3844 3847 403beb 3844->3847 3845 406a3c CharNextW 3845->3849 3846 403c38 3848 403cbe 3846->3848 3851 403ca7 3846->3851 3857 406a3c CharNextW 3846->3857 3847->3841 3850 403bef GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3847->3850 4008 4039c3 3848->4008 3849->3845 3853 403b9f 3849->3853 3855 403b9d 3849->3855 3852 403ea0 12 API calls 3850->3852 3949 405c70 3851->3949 3854 403c1d 3852->3854 4019 40708c lstrcpynW 3853->4019 3854->3841 3854->3848 3855->3838 3870 403c56 3857->3870 3860 403cb5 3862 406b24 7 API calls 3860->3862 3862->3848 3863 403de8 4015 40701a 3863->4015 3864 403dfb 3865 403e08 GetCurrentProcess OpenProcessToken 3864->3865 3866 403df3 ExitProcess 3864->3866 3868 403e20 LookupPrivilegeValueW AdjustTokenPrivileges 3865->3868 3869 403e59 3865->3869 3868->3869 3874 406e4e 5 API calls 3869->3874 3871 403cc3 3870->3871 3872 403c7b 3870->3872 3875 4067a3 5 API calls 3871->3875 4020 406a74 3872->4020 3877 403e60 3874->3877 3878 403cc8 lstrcatW 3875->3878 3880 403e78 ExitWindowsEx 3877->3880 3884 403e85 3877->3884 3881 403ce9 lstrcatW lstrcmpiW 3878->3881 3882 403cde lstrcatW 3878->3882 3880->3866 3880->3884 3881->3848 3885 403d08 3881->3885 3882->3881 3889 4014e3 79 API calls 3884->3889 3886 403d14 3885->3886 3887 403d0d 3885->3887 3892 40607b 2 API calls 3886->3892 3890 40609b 4 API calls 3887->3890 3888 403c9c 4035 40708c lstrcpynW 3888->4035 3889->3866 3893 403d12 3890->3893 3894 403d19 SetCurrentDirectoryW 3892->3894 3893->3894 3895 403d39 3894->3895 3896 403d2a 3894->3896 4037 40708c lstrcpynW 
3895->4037 4036 40708c lstrcpynW 3896->4036 3899 406119 17 API calls 3900 403d69 DeleteFileW 3899->3900 3901 403d74 CopyFileW 3900->3901 3906 403d47 3900->3906 3901->3906 3902 403dce 3904 4064e0 36 API calls 3902->3904 3903 4064e0 36 API calls 3903->3906 3904->3848 3905 406119 17 API calls 3905->3906 3906->3899 3906->3902 3906->3903 3906->3905 3908 403db9 CloseHandle 3906->3908 4038 406be0 CreateProcessW 3906->4038 3908->3906 3909->3833 3910->3835 3912 407252 5 API calls 3911->3912 3914 403eac 3912->3914 3913 403eb6 3913->3840 3914->3913 4041 40699c lstrlenW CharPrevW 3914->4041 3917 40607b 2 API calls 3918 403ec4 3917->3918 4044 406fc4 3918->4044 4048 406e83 GetFileAttributesW CreateFileW 3921->4048 3923 403719 3924 403726 3923->3924 4049 40708c lstrcpynW 3923->4049 3924->3846 3926 40373c 4050 407225 lstrlenW 3926->4050 3930 40374d GetFileSize 3931 403766 3930->3931 3945 403856 3930->3945 3931->3924 3936 40392c 3931->3936 3943 403673 6 API calls 3931->3943 3931->3945 4088 403402 3931->4088 3933 403865 3933->3924 3935 4038a6 GlobalAlloc 3933->3935 4066 403418 SetFilePointer 3933->4066 4067 403418 SetFilePointer 3935->4067 3938 403673 6 API calls 3936->3938 3938->3924 3940 403882 3942 406eb0 ReadFile 3940->3942 3941 4038c3 4068 40342f 3941->4068 3946 403894 3942->3946 3943->3931 4055 403673 3945->4055 3946->3924 3946->3935 3947 4038d2 3947->3924 3947->3947 3948 403902 SetFilePointer 3947->3948 3948->3924 3950 406e4e 5 API calls 3949->3950 3951 405c84 3950->3951 3952 405c8d 3951->3952 3953 405c9f 3951->3953 4104 406a5b wsprintfW 3952->4104 3954 406ee1 3 API calls 3953->3954 3955 405cce 3954->3955 3957 405ced lstrcatW 3955->3957 3958 406ee1 3 API calls 3955->3958 3959 405c9d 3957->3959 3958->3957 4096 405ba6 3959->4096 3962 406a74 18 API calls 3963 405d1f 3962->3963 3964 405db9 3963->3964 3966 406ee1 3 API calls 3963->3966 3965 406a74 18 API calls 3964->3965 3967 405dbf 3965->3967 3968 405d52 3966->3968 3969 405dcf 3967->3969 3970 406119 17 API calls 3967->3970 
3968->3964 3974 405d76 lstrlenW 3968->3974 3980 406a3c CharNextW 3968->3980 3971 405dee LoadImageW 3969->3971 4106 405a4c 3969->4106 3970->3969 3972 405e9a 3971->3972 3973 405e1d RegisterClassW 3971->3973 3979 4014e3 79 API calls 3972->3979 3978 405e4d SystemParametersInfoW CreateWindowExW 3973->3978 4007 405ea4 3973->4007 3975 405d86 lstrcmpiW 3974->3975 3976 405dac 3974->3976 3975->3976 3981 405d96 GetFileAttributesW 3975->3981 3983 40699c 3 API calls 3976->3983 3978->3972 3987 405ea0 3979->3987 3984 405d71 3980->3984 3985 405da2 3981->3985 3982 405de8 3982->3971 3986 405db2 3983->3986 3984->3974 3985->3976 3988 407225 2 API calls 3985->3988 4105 40708c lstrcpynW 3986->4105 3990 405ba6 18 API calls 3987->3990 3987->4007 3988->3976 3991 405eb1 3990->3991 3992 405f46 3991->3992 3993 405ebd ShowWindow 3991->3993 3994 405a6d 82 API calls 3992->3994 3995 40643f 3 API calls 3993->3995 3996 405f4c 3994->3996 3997 405ed5 3995->3997 3999 405f50 3996->3999 4000 405f68 3996->4000 3998 405ee3 GetClassInfoW 3997->3998 4001 40643f 3 API calls 3997->4001 4003 405f14 DialogBoxParamW 3998->4003 4004 405ef6 GetClassInfoW RegisterClassW 3998->4004 4006 4014e3 79 API calls 3999->4006 3999->4007 4002 4014e3 79 API calls 4000->4002 4001->3998 4002->4007 4005 4014e3 79 API calls 4003->4005 4004->4003 4005->4007 4006->4007 4007->3860 4009 4039db 4008->4009 4010 4039cd CloseHandle 4008->4010 4113 403f0e 4009->4113 4010->4009 4016 40702f 4015->4016 4017 40707d 4016->4017 4018 407045 MessageBoxIndirectW 4016->4018 4017->3866 4018->4017 4019->3838 4174 40708c lstrcpynW 4020->4174 4022 406a85 4023 407123 4 API calls 4022->4023 4024 406a8b 4023->4024 4025 403c89 4024->4025 4026 407252 5 API calls 4024->4026 4025->3848 4034 40708c lstrcpynW 4025->4034 4031 406a9b 4026->4031 4027 406acb lstrlenW 4028 406ad7 4027->4028 4027->4031 4029 40699c 3 API calls 4028->4029 4032 406adc GetFileAttributesW 4029->4032 4030 406a15 2 API calls 4030->4031 4031->4025 4031->4027 4031->4030 4033 407225 2 API calls 
4031->4033 4032->4025 4033->4027 4034->3888 4035->3851 4036->3895 4037->3906 4039 406c13 CloseHandle 4038->4039 4040 406c1f 4038->4040 4039->4040 4040->3906 4042 403ebe 4041->4042 4043 4069b9 lstrcatW 4041->4043 4042->3917 4043->4042 4045 406fd1 GetTickCount GetTempFileNameW 4044->4045 4046 403ecf 4045->4046 4047 407007 4045->4047 4046->3840 4047->4045 4047->4046 4048->3923 4049->3926 4051 407234 4050->4051 4052 403742 4051->4052 4053 40723a CharPrevW 4051->4053 4054 40708c lstrcpynW 4052->4054 4053->4051 4053->4052 4054->3930 4056 403692 4055->4056 4057 40367a 4055->4057 4060 4036a3 GetTickCount 4056->4060 4061 40369b 4056->4061 4058 403683 DestroyWindow 4057->4058 4059 40368a 4057->4059 4058->4059 4059->3933 4062 4036b1 CreateDialogParamW ShowWindow 4060->4062 4063 4036d6 4060->4063 4091 4064b0 4061->4091 4062->4063 4063->3933 4066->3940 4067->3941 4069 403476 4068->4069 4070 403469 4068->4070 4072 406eb0 ReadFile 4069->4072 4095 403418 SetFilePointer 4070->4095 4073 403488 4072->4073 4074 4034a1 GetTickCount 4073->4074 4075 403614 4073->4075 4080 40348c 4073->4080 4079 4034f2 4074->4079 4074->4080 4076 403657 4075->4076 4082 403618 4075->4082 4077 403402 ReadFile 4076->4077 4077->4080 4078 403402 ReadFile 4078->4079 4079->4078 4079->4080 4084 403549 GetTickCount 4079->4084 4085 40357a MulDiv wsprintfW 4079->4085 4087 406f77 WriteFile 4079->4087 4080->3947 4081 403402 ReadFile 4081->4082 4082->4080 4082->4081 4083 406f77 WriteFile 4082->4083 4083->4082 4084->4079 4086 405f97 24 API calls 4085->4086 4086->4079 4087->4079 4089 406eb0 ReadFile 4088->4089 4090 403415 4089->4090 4090->3931 4092 4064c2 PeekMessageW 4091->4092 4093 4064b8 DispatchMessageW 4092->4093 4094 4036a2 4092->4094 4093->4092 4094->3933 4095->4069 4097 405bba 4096->4097 4111 406a5b wsprintfW 4097->4111 4099 405c3c 4100 405f78 18 API calls 4099->4100 4102 405c41 4100->4102 4101 405c6a 4101->3962 4102->4101 4103 406119 17 API calls 4102->4103 4103->4102 4104->3959 4105->3964 4112 40708c lstrcpynW 
4106->4112 4108 405a60 4109 40699c 3 API calls 4108->4109 4110 405a66 lstrcatW 4109->4110 4110->3982 4111->4099 4112->4108 4114 403f1c 4113->4114 4115 4039e0 4114->4115 4116 403f21 FreeLibrary GlobalFree 4114->4116 4117 406c25 4115->4117 4116->4115 4116->4116 4118 406a74 18 API calls 4117->4118 4119 406c47 4118->4119 4120 406c50 DeleteFileW 4119->4120 4121 406c67 4119->4121 4158 4039ec OleUninitialize 4120->4158 4123 406db0 4121->4123 4148 406dcd 4121->4148 4161 40708c lstrcpynW 4121->4161 4130 406a15 2 API calls 4123->4130 4123->4148 4123->4158 4124 406c8f 4125 406ca7 4124->4125 4126 406c99 lstrcatW 4124->4126 4129 407225 2 API calls 4125->4129 4128 406cad 4126->4128 4127 406af2 9 API calls 4127->4158 4131 406cbe lstrcatW 4128->4131 4133 406cc6 lstrlenW FindFirstFileW 4128->4133 4129->4128 4132 406ddb 4130->4132 4131->4133 4134 40699c 3 API calls 4132->4134 4132->4158 4133->4123 4157 406cef 4133->4157 4135 406de5 4134->4135 4136 406af2 9 API calls 4135->4136 4137 406df0 4136->4137 4140 4069cb 5 API calls 4137->4140 4138 406d92 FindNextFileW 4141 406da9 FindClose 4138->4141 4138->4157 4142 406dfe 4140->4142 4141->4123 4144 406e03 4142->4144 4145 406e3a 4142->4145 4143 406af2 9 API calls 4143->4157 4144->4148 4149 406e07 4144->4149 4147 405f97 24 API calls 4145->4147 4146 406c25 66 API calls 4146->4157 4147->4158 4148->4127 4151 406af2 9 API calls 4149->4151 4152 406e11 4151->4152 4153 405f97 24 API calls 4152->4153 4155 406e1b 4153->4155 4154 405f97 24 API calls 4154->4138 4156 4064e0 36 API calls 4155->4156 4156->4158 4157->4138 4157->4143 4157->4146 4157->4154 4159 405f97 24 API calls 4157->4159 4160 4064e0 36 API calls 4157->4160 4162 40708c lstrcpynW 4157->4162 4163 4069cb 4157->4163 4158->3863 4158->3864 4159->4157 4160->4157 4161->4124 4162->4157 4171 4070fb GetFileAttributesW 4163->4171 4166 4069f6 DeleteFileW 4168 4069ed 4166->4168 4167 4069e7 RemoveDirectoryW 4167->4168 4169 4069f1 4168->4169 4170 406a04 SetFileAttributesW 4168->4170 4169->4157 4170->4169 
4172 4069d7 4171->4172 4173 40710d SetFileAttributesW 4171->4173 4172->4166 4172->4167 4172->4169 4173->4172 4174->4022 4718 401c6f 4719 403312 17 API calls 4718->4719 4720 401c0a 4719->4720 4721 406af2 9 API calls 4720->4721 4723 401c1b 4720->4723 4722 401c0f 4721->4722 4724 406c25 73 API calls 4722->4724 4724->4723 4725 402070 4726 4032d6 17 API calls 4725->4726 4727 40207e SetWindowLongW 4726->4727 4728 40316f 4727->4728 4729 4022f2 4730 403312 17 API calls 4729->4730 4731 4022f9 4730->4731 4732 406a15 2 API calls 4731->4732 4733 4022ff 4732->4733 4734 40230e 4733->4734 4736 406a5b wsprintfW 4733->4736 4736->4734 4737 4050f3 4738 405103 4737->4738 4739 405129 4737->4739 4740 4056fe 18 API calls 4738->4740 4741 40594c 8 API calls 4739->4741 4742 405110 SetDlgItemTextW 4740->4742 4743 405135 4741->4743 4742->4739 4744 405af3 4745 405b04 4744->4745 4746 405b18 4744->4746 4747 405b42 4745->4747 4748 405b0a 4745->4748 4749 405b25 IsWindowVisible 4746->4749 4753 405b3c 4746->4753 4752 405b64 CallWindowProcW 4747->4752 4750 4056cc SendMessageW 4748->4750 4749->4747 4751 405b32 4749->4751 4754 405b14 4750->4754 4755 4058c9 5 API calls 4751->4755 4752->4754 4753->4752 4756 40569a 79 API calls 4753->4756 4755->4753 4756->4752 4345 402175 4346 4032d6 17 API calls 4345->4346 4347 40217b 4346->4347 4348 4032d6 17 API calls 4347->4348 4349 402184 4348->4349 4350 402198 4349->4350 4353 406af2 9 API calls 4349->4353 4351 4021a1 ShowWindow 4350->4351 4352 4021ac EnableWindow 4350->4352 4354 40316f 4351->4354 4352->4354 4353->4350 4757 402277 4758 403312 17 API calls 4757->4758 4759 40227d 4758->4759 4760 406af2 9 API calls 4759->4760 4761 40228a 4760->4761 4762 405f97 24 API calls 4761->4762 4763 402294 4762->4763 4764 406be0 2 API calls 4763->4764 4765 40229a 4764->4765 4766 406af2 9 API calls 4765->4766 4768 4022e8 4765->4768 4767 4022ab 4766->4767 4769 4022dc CloseHandle 4767->4769 4774 4067bb WaitForSingleObject 4767->4774 4769->4768 4771 4022ba 4772 4022ca 4771->4772 4779 
406a5b wsprintfW 4771->4779 4772->4769 4775 4067d2 4774->4775 4776 4067e8 GetExitCodeProcess 4775->4776 4777 4064b0 2 API calls 4775->4777 4776->4771 4778 4067d9 WaitForSingleObject 4777->4778 4778->4775 4779->4772 4780 402e77 4781 402e7d 4780->4781 4782 402e85 FindNextFileW 4781->4782 4783 4019a5 4781->4783 4782->4783 4784 40587b lstrlenW WideCharToMultiByte 4785 401bfc 4786 403312 17 API calls 4785->4786 4787 401c02 4786->4787 4788 406af2 9 API calls 4787->4788 4789 401c0f 4788->4789 4790 406c25 73 API calls 4789->4790 4791 401c1b 4790->4791 4792 401000 4793 401039 BeginPaint GetClientRect 4792->4793 4794 40100a DefWindowProcW 4792->4794 4796 40110f 4793->4796 4797 40119a 4794->4797 4798 401117 4796->4798 4799 40107e CreateBrushIndirect FillRect DeleteObject 4796->4799 4800 401185 EndPaint 4798->4800 4801 40111d CreateFontIndirectW 4798->4801 4799->4796 4800->4797 4801->4800 4802 401130 6 API calls 4801->4802 4802->4800 4803 401c80 4804 403312 17 API calls 4803->4804 4805 401c87 lstrlenW 4804->4805 4807 401c8d 4805->4807 4806 403312 17 API calls 4806->4807 4807->4806 4809 402b81 4807->4809 4810 406e83 GetFileAttributesW CreateFileW 4807->4810 4810->4807 4811 401982 4812 403312 17 API calls 4811->4812 4813 401989 SearchPathW 4812->4813 4814 4019a5 4813->4814 3701 402688 3702 403312 17 API calls 3701->3702 3703 40268e 3702->3703 3704 403312 17 API calls 3703->3704 3705 402697 3704->3705 3706 403312 17 API calls 3705->3706 3707 4026a0 3706->3707 3708 406af2 9 API calls 3707->3708 3709 4026ae 3708->3709 3710 406a15 2 API calls 3709->3710 3714 4026b7 3710->3714 3711 4026c8 lstrlenW lstrlenW 3712 405f97 24 API calls 3711->3712 3715 40270f SHFileOperationW 3712->3715 3713 405f97 24 API calls 3713->3714 3714->3711 3714->3713 3716 40316f 3714->3716 3715->3714 3715->3716 3717 401e88 3718 401e98 3717->3718 3719 401ef3 3717->3719 3720 401ed9 3718->3720 3726 401ea7 3718->3726 3721 401f28 GlobalAlloc 3719->3721 3722 401efd 3719->3722 3724 406af2 9 API calls 3720->3724 3723 
406119 17 API calls 3721->3723 3736 40708c lstrcpynW 3722->3736 3732 401ed4 3723->3732 3725 401ee4 3724->3725 3728 406119 17 API calls 3725->3728 3737 40708c lstrcpynW 3726->3737 3728->3719 3730 401f15 GlobalFree 3730->3732 3731 401eb6 3738 40708c lstrcpynW 3731->3738 3734 401ec5 3739 40708c lstrcpynW 3734->3739 3736->3730 3737->3731 3738->3734 3739->3732 4815 40300b 4816 40304d 4815->4816 4817 40300f 4815->4817 4818 403312 17 API calls 4816->4818 4819 406af2 9 API calls 4817->4819 4823 40303c 4818->4823 4820 40301a 4819->4820 4821 406af2 9 API calls 4820->4821 4822 40302e 4821->4822 4824 403041 4822->4824 4825 403037 4822->4825 4827 406b24 7 API calls 4824->4827 4826 405a4c 5 API calls 4825->4826 4826->4823 4827->4823 4828 402b8c 4829 402bb0 4828->4829 4830 402bcf 4828->4830 4833 4032d6 17 API calls 4829->4833 4831 402bd4 4830->4831 4832 402bfd 4830->4832 4834 403312 17 API calls 4831->4834 4835 403312 17 API calls 4832->4835 4841 402bb6 4833->4841 4836 402bdb WideCharToMultiByte lstrlenA 4834->4836 4837 402c04 lstrlenW 4835->4837 4836->4841 4837->4841 4838 402c43 4839 402c33 4839->4838 4840 406f77 WriteFile 4839->4840 4840->4838 4841->4838 4841->4839 4842 40672b 5 API calls 4841->4842 4842->4839 4229 40208e GetDlgItem GetClientRect 4230 403312 17 API calls 4229->4230 4231 4020c1 LoadImageW SendMessageW 4230->4231 4232 4020df DeleteObject 4231->4232 4233 40316f 4231->4233 4232->4233 4266 3271377 4273 327143a 4266->4273 4274 32713a3 4273->4274 4277 3271443 4273->4277 4278 32710d0 GetVersionExW 4274->4278 4275 3271473 GlobalFree 4275->4274 4276 327145f lstrcpynW 4276->4275 4277->4274 4277->4275 4277->4276 4279 327110a 4278->4279 4289 3271100 4278->4289 4280 3271115 4279->4280 4281 327112c LoadLibraryW 4279->4281 4282 3271227 LoadLibraryA 4280->4282 4280->4289 4283 3271145 GetProcAddress 4281->4283 4294 32711af 4281->4294 4285 327123f GetProcAddress GetProcAddress GetProcAddress 4282->4285 4282->4289 4284 3271158 LocalAlloc 4283->4284 4291 3271198 4283->4291 4286 
3271193 4284->4286 4288 327133a FreeLibrary 4285->4288 4302 327126e 4285->4302 4290 3271166 NtQuerySystemInformation 4286->4290 4286->4291 4287 32711a4 FreeLibrary 4287->4294 4288->4289 4304 32714cf wsprintfW 4289->4304 4290->4287 4293 3271179 LocalFree 4290->4293 4291->4287 4292 32711c9 lstrcpynW lstrcmpiW 4292->4294 4293->4291 4296 327118a LocalAlloc 4293->4296 4294->4289 4294->4292 4295 3271219 LocalFree 4294->4295 4297 32711f9 4294->4297 4295->4289 4296->4286 4297->4294 4307 327103f OpenProcess 4297->4307 4299 3271333 CloseHandle 4299->4288 4300 32712a8 lstrlenW 4300->4302 4301 32712c9 lstrlenA MultiByteToWideChar lstrcmpiW 4301->4302 4302->4288 4302->4299 4302->4300 4302->4301 4303 327103f 8 API calls 4302->4303 4303->4302 4320 3271489 4304->4320 4308 3271060 4307->4308 4309 32710cb 4307->4309 4310 32710ac TerminateProcess 4308->4310 4311 327106b EnumWindows 4308->4311 4309->4297 4312 32710be CloseHandle 4310->4312 4313 32710a7 4310->4313 4311->4310 4314 327107f GetExitCodeProcess 4311->4314 4317 3271007 GetWindowThreadProcessId 4311->4317 4312->4309 4313->4312 4314->4313 4315 327108e 4314->4315 4315->4313 4316 3271097 WaitForSingleObject 4315->4316 4316->4310 4316->4313 4318 3271036 4317->4318 4319 3271024 PostMessageW 4317->4319 4319->4318 4321 3271492 GlobalAlloc lstrcpynW 4320->4321 4322 32713b6 4320->4322 4321->4322 4843 402813 4844 40281c 4843->4844 4845 402863 4844->4845 4846 402826 4844->4846 4847 403312 17 API calls 4845->4847 4848 403395 17 API calls 4846->4848 4849 40286a 4847->4849 4850 40282d 4848->4850 4851 406af2 9 API calls 4849->4851 4852 403312 17 API calls 4850->4852 4854 40288c 4850->4854 4853 402878 4851->4853 4855 40283a RegDeleteValueW 4852->4855 4859 403350 4853->4859 4857 406af2 9 API calls 4855->4857 4858 402857 RegCloseKey 4857->4858 4858->4854 4860 40335d 4859->4860 4861 403364 4859->4861 4860->4854 4861->4860 4863 401434 4861->4863 4864 406583 RegOpenKeyExW 4863->4864 4866 401463 4864->4866 4865 401483 RegEnumKeyW 4865->4866 4867 
40149e RegCloseKey 4865->4867 4866->4865 4866->4867 4868 4014bf RegCloseKey 4866->4868 4870 401434 6 API calls 4866->4870 4873 4014b2 4866->4873 4869 406e4e 5 API calls 4867->4869 4868->4873 4871 4014ae 4869->4871 4870->4866 4872 4014cf RegDeleteKeyW 4871->4872 4871->4873 4872->4873 4873->4860 4874 401c93 4875 4032d6 17 API calls 4874->4875 4876 401c9a 4875->4876 4877 4032d6 17 API calls 4876->4877 4878 401ca5 4877->4878 4879 403312 17 API calls 4878->4879 4880 401cb0 lstrlenW 4879->4880 4881 401ccd 4880->4881 4882 401cf8 4880->4882 4881->4882 4886 40708c lstrcpynW 4881->4886 4884 401cec 4884->4882 4885 401cf0 lstrlenW 4884->4885 4885->4882 4886->4884 4887 401d93 4888 4032d6 17 API calls 4887->4888 4889 401d9d 4888->4889 4890 4032d6 17 API calls 4889->4890 4891 401885 4890->4891 4892 401d16 4893 403312 17 API calls 4892->4893 4894 401d1d 4893->4894 4895 403312 17 API calls 4894->4895 4896 401d26 4895->4896 4897 401d41 lstrcmpW 4896->4897 4898 401d2e lstrcmpiW 4896->4898 4899 401d34 4897->4899 4900 401c53 4897->4900 4898->4899 4899->4897 4899->4900 4901 403f96 4902 4056fe 18 API calls 4901->4902 4903 404009 4902->4903 4904 4056fe 18 API calls 4903->4904 4905 404018 CheckDlgButton 4904->4905 4913 405687 KiUserCallbackDispatcher 4905->4913 4907 404030 GetDlgItem 4914 4056e7 SendMessageW 4907->4914 4909 404044 SendMessageW 4910 404060 GetSysColor 4909->4910 4911 404069 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4909->4911 4910->4911 4912 404250 4911->4912 4913->4907 4914->4909 4467 40289a 4468 403312 17 API calls 4467->4468 4469 4028b1 4468->4469 4470 403312 17 API calls 4469->4470 4471 4028bc 4470->4471 4500 406550 4471->4500 4474 402a40 4476 406af2 9 API calls 4474->4476 4475 402903 4477 403312 17 API calls 4475->4477 4490 402959 4475->4490 4484 402a4c 4476->4484 4478 40291b lstrlenW 4477->4478 4479 40293d 4478->4479 4480 40294f 4478->4480 4485 406af2 9 API calls 4479->4485 4486 406af2 9 API calls 4480->4486 4481 4032d6 17 API calls 4488 402972 

                                                                                                                                Executed Functions

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 80%
                                                                                                                                			_entry_() {
                                                                                                                                				struct _SHFILEINFOW _v696;
                                                                                                                                				int _v720;
                                                                                                                                				struct _TOKEN_PRIVILEGES _v732;
                                                                                                                                				void* _v736;
                                                                                                                                				intOrPtr _v740;
                                                                                                                                				WCHAR* _v744;
                                                                                                                                				signed int _t20;
                                                                                                                                				signed int _t21;
                                                                                                                                				intOrPtr* _t26;
                                                                                                                                				intOrPtr* _t32;
                                                                                                                                				WCHAR* _t34;
                                                                                                                                				void* _t36;
                                                                                                                                				void* _t38;
                                                                                                                                				intOrPtr* _t43;
                                                                                                                                				void* _t58;
                                                                                                                                				void* _t66;
                                                                                                                                				void* _t70;
                                                                                                                                				void* _t81;
                                                                                                                                				void* _t86;
                                                                                                                                				intOrPtr* _t89;
                                                                                                                                				intOrPtr _t95;
                                                                                                                                				void* _t96;
                                                                                                                                				void* _t97;
                                                                                                                                				signed int _t99;
                                                                                                                                				signed int _t100;
                                                                                                                                				void* _t101;
                                                                                                                                				void* _t103;
                                                                                                                                				CHAR* _t105;
                                                                                                                                				void* _t109;
                                                                                                                                				void* _t112;
                                                                                                                                				void* _t113;
                                                                                                                                				void* _t114;
                                                                                                                                				signed int _t118;
                                                                                                                                				signed int* _t121;
                                                                                                                                
                                                                                                                                				 *_t121 =  *_t121 & 0x00000000;
                                                                                                                                				0x4cf000 = 0x20;
                                                                                                                                				_t103 = L"Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                				_t118 = 0; // executed
                                                                                                                                				SetErrorMode(0x8001); // executed
                                                                                                                                				_t20 = GetVersion();
                                                                                                                                				_t21 = _t20 & 0xbfffffff;
                                                                                                                                				_t97 = 6;
                                                                                                                                				 *0x476210 = _t21;
                                                                                                                                				if(_t21 != _t97) {
                                                                                                                                					_t89 = E00406E4E(0);
                                                                                                                                					if(_t89 != 0) {
                                                                                                                                						 *_t89(0xc00);
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				_t105 = "UXTHEME";
                                                                                                                                				do {
                                                                                                                                					E0040643F(_t105); // executed
                                                                                                                                					_t105 =  &(( &(_t105[1]))[lstrlenA(_t105)]);
                                                                                                                                				} while ( *_t105 != 0);
                                                                                                                                				E00406E4E(0xa);
                                                                                                                                				 *0x476214 = E00406E4E(8);
                                                                                                                                				_t26 = E00406E4E(6);
                                                                                                                                				if(_t26 != 0) {
                                                                                                                                					_t26 =  *_t26(0x1e);
                                                                                                                                					if(_t26 != 0) {
                                                                                                                                						 *0x476210 =  *0x476210 | 0x40000000;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				__imp__#17();
                                                                                                                                				__imp__OleInitialize(0); // executed
                                                                                                                                				 *0x47e280 = _t26;
                                                                                                                                				SHGetFileInfoW(0x40a2c0, 0,  &_v696, 0x2b4, 0); // executed
                                                                                                                                				E0040708C(0x476220, L"NSIS Error");
                                                                                                                                				E0040708C(0x4cf000, GetCommandLineW());
                                                                                                                                				_t32 = 0x4cf000;
                                                                                                                                				 *0x476218 = 0x400000;
                                                                                                                                				_t109 = 0x22;
                                                                                                                                				if( *0x4cf000 == _t109) {
                                                                                                                                					_t32 = 0x4cf002;
                                                                                                                                				}
                                                                                                                                				_t34 = CharNextW(E00406A3C(_t32, 0x4cf000));
                                                                                                                                				_v744 = _t34;
                                                                                                                                				_t98 =  *_t34 & 0x0000ffff;
                                                                                                                                				if(_t98 == 0) {
                                                                                                                                					L33:
                                                                                                                                					GetTempPathW(0x2000, 0x4e3000);
                                                                                                                                					_t36 = E00403EA0(_t98, _t147);
                                                                                                                                					_t148 = _t36;
                                                                                                                                					if(_t36 != 0) {
                                                                                                                                						L36:
                                                                                                                                						DeleteFileW(0x4df000); // executed
                                                                                                                                						_t38 = E004036D7(_t150, _t118);
                                                                                                                                						_t103 = _t38;
                                                                                                                                						if(_t103 != 0) {
                                                                                                                                							L62:
                                                                                                                                							_t95 = _v740;
                                                                                                                                							L63:
                                                                                                                                							E004039C3(); // executed
                                                                                                                                							__imp__OleUninitialize(); // executed
                                                                                                                                							if(_t103 == 0) {
                                                                                                                                								if( *0x47e2f4 == 0) {
                                                                                                                                									L73:
                                                                                                                                									_push(_t95);
                                                                                                                                									L65:
                                                                                                                                									ExitProcess(); // executed
                                                                                                                                								}
                                                                                                                                								if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v736) != 0) {
                                                                                                                                									LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v732.Privileges));
                                                                                                                                									_v732.PrivilegeCount = 1;
                                                                                                                                									_v720 = 2;
                                                                                                                                									AdjustTokenPrivileges(_v736, 0,  &_v732, 0, 0, 0);
                                                                                                                                								}
                                                                                                                                								_t43 = E00406E4E(4);
                                                                                                                                								if(_t43 == 0) {
                                                                                                                                									L71:
                                                                                                                                									if(ExitWindowsEx(2, 0x80040002) != 0) {
                                                                                                                                										goto L73;
                                                                                                                                									}
                                                                                                                                									goto L72;
                                                                                                                                								} else {
                                                                                                                                									_push(0x80040002);
                                                                                                                                									_push(0x25);
                                                                                                                                									_push(0);
                                                                                                                                									_push(0);
                                                                                                                                									_push(0);
                                                                                                                                									if( *_t43() == 0) {
                                                                                                                                										L72:
                                                                                                                                										E004014E3(9);
                                                                                                                                										goto L73;
                                                                                                                                									}
                                                                                                                                									goto L71;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							E0040701A(_t103, 0x200010);
                                                                                                                                							_push(2); // executed
                                                                                                                                							goto L65;
                                                                                                                                						}
                                                                                                                                						if( *0x47e224 == _t38) {
                                                                                                                                							L46:
                                                                                                                                							 *0x47e30c =  *0x47e30c | 0xffffffff;
                                                                                                                                							_t95 = E00405C70();
                                                                                                                                							E00406B24(1);
                                                                                                                                							goto L63;
                                                                                                                                						}
                                                                                                                                						_t112 = E00406A3C(0x4cf000, _t38);
                                                                                                                                						while(_t112 >= 0x4cf000) {
                                                                                                                                							__eflags =  *_t112 - 0x5f0020;
                                                                                                                                							if( *_t112 != 0x5f0020) {
                                                                                                                                								L41:
                                                                                                                                								_t112 = _t112 - 2;
                                                                                                                                								__eflags = _t112;
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							__eflags =  *((intOrPtr*)(_t112 + 4)) - 0x3d003f;
                                                                                                                                							if(__eflags == 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							goto L41;
                                                                                                                                						}
                                                                                                                                						_t103 = L"Error launching installer";
                                                                                                                                						_t154 = _t112 - 0x4cf000;
                                                                                                                                						if(_t112 < 0x4cf000) {
                                                                                                                                							_t113 = E004067A3();
                                                                                                                                							lstrcatW(0x4e3000, L"~nsu");
                                                                                                                                							__eflags = _t113;
                                                                                                                                							if(_t113 != 0) {
                                                                                                                                								lstrcatW(0x4e3000, "A");
                                                                                                                                							}
                                                                                                                                							lstrcatW(0x4e3000, L".tmp");
                                                                                                                                							_t58 = lstrcmpiW(0x4e3000, 0x4db000);
                                                                                                                                							__eflags = _t58;
                                                                                                                                							if(_t58 != 0) {
                                                                                                                                								_push(0x4e3000);
                                                                                                                                								__eflags = _t113;
                                                                                                                                								if(_t113 == 0) {
                                                                                                                                									E0040607B();
                                                                                                                                								} else {
                                                                                                                                									E0040609B();
                                                                                                                                								}
                                                                                                                                								SetCurrentDirectoryW(0x4e3000);
                                                                                                                                								__eflags =  *0x4d3000;
                                                                                                                                								if( *0x4d3000 == 0) {
                                                                                                                                									E0040708C(0x4d3000, 0x4db000);
                                                                                                                                								}
                                                                                                                                								E0040708C(0x47f000, _v736);
                                                                                                                                								 *0x483000 = 0x41;
                                                                                                                                								_t114 = 0x1a;
                                                                                                                                								do {
                                                                                                                                									E00406119(0x43dd38,  *((intOrPtr*)( *0x47e230 + 0x120)));
                                                                                                                                									DeleteFileW(0x43dd38);
                                                                                                                                									__eflags = _t103;
                                                                                                                                									if(_t103 != 0) {
                                                                                                                                										_t66 = CopyFileW(0x4eb000, 0x43dd38, 1);
                                                                                                                                										__eflags = _t66;
                                                                                                                                										if(_t66 != 0) {
                                                                                                                                											E004064E0(0x43dd38, 0);
                                                                                                                                											E00406119(0x43dd38,  *((intOrPtr*)( *0x47e230 + 0x124)));
                                                                                                                                											_t70 = E00406BE0(0x43dd38);
                                                                                                                                											__eflags = _t70;
                                                                                                                                											if(_t70 != 0) {
                                                                                                                                												CloseHandle(_t70);
                                                                                                                                												_t103 = 0;
                                                                                                                                												__eflags = 0;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									 *0x483000 =  *0x483000 + 1;
                                                                                                                                									_t114 = _t114 - 1;
                                                                                                                                									__eflags = _t114;
                                                                                                                                								} while (_t114 != 0);
                                                                                                                                								E004064E0(0x4e3000, _t114);
                                                                                                                                							}
                                                                                                                                							goto L62;
                                                                                                                                						}
                                                                                                                                						 *_t112 = 0;
                                                                                                                                						_t115 = _t112 + 8;
                                                                                                                                						if(E00406A74(_t154, _t112 + 8) == 0) {
                                                                                                                                							goto L62;
                                                                                                                                						}
                                                                                                                                						E0040708C(0x4d3000, _t115);
                                                                                                                                						E0040708C(0x4d7000, _t115);
                                                                                                                                						_t103 = 0;
                                                                                                                                						goto L46;
                                                                                                                                					}
                                                                                                                                					GetWindowsDirectoryW(0x4e3000, 0x1ffb);
                                                                                                                                					lstrcatW(0x4e3000, L"\\Temp");
                                                                                                                                					_t81 = E00403EA0(_t98, _t148);
                                                                                                                                					_t149 = _t81;
                                                                                                                                					if(_t81 != 0) {
                                                                                                                                						goto L36;
                                                                                                                                					}
                                                                                                                                					GetTempPathW(0x1ffc, 0x4e3000);
                                                                                                                                					lstrcatW(0x4e3000, L"Low");
                                                                                                                                					SetEnvironmentVariableW(L"TEMP", 0x4e3000);
                                                                                                                                					SetEnvironmentVariableW(L"TMP", 0x4e3000);
                                                                                                                                					_t86 = E00403EA0(_t98, _t149);
                                                                                                                                					_t150 = _t86;
                                                                                                                                					if(_t86 == 0) {
                                                                                                                                						goto L62;
                                                                                                                                					}
                                                                                                                                					goto L36;
                                                                                                                                				} else {
                                                                                                                                					_t96 = 0x20;
                                                                                                                                					do {
                                                                                                                                						if(_t98 != _t96) {
                                                                                                                                							L14:
                                                                                                                                							_t101 = _t96;
                                                                                                                                							if( *_t34 == _t109) {
                                                                                                                                								_t34 =  &(_t34[1]);
                                                                                                                                								_t101 = _t109;
                                                                                                                                							}
                                                                                                                                							if( *_t34 != 0x2f) {
                                                                                                                                								goto L28;
                                                                                                                                							} else {
                                                                                                                                								_t34 =  &(_t34[1]);
                                                                                                                                								if( *_t34 == 0x53) {
                                                                                                                                									_t100 = _t34[1] & 0x0000ffff;
                                                                                                                                									if(_t100 == _t96 || _t100 == 0) {
                                                                                                                                										 *0x47e300 = 1;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								if( *_t34 == 0x43004e && _t34[2] == 0x430052) {
                                                                                                                                									_t99 = _t34[4] & 0x0000ffff;
                                                                                                                                									if(_t99 == _t96 || _t99 == 0) {
                                                                                                                                										_t118 = _t118 | 0x00000004;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								if( *((intOrPtr*)(_t34 - 4)) != 0x2f0020 ||  *_t34 != 0x3d0044) {
                                                                                                                                									goto L28;
                                                                                                                                								} else {
                                                                                                                                									_t98 = 0;
                                                                                                                                									 *((short*)(_t34 - 4)) = 0;
                                                                                                                                									__eflags =  &(_t34[2]);
                                                                                                                                									E0040708C(0x4d3000,  &(_t34[2]));
                                                                                                                                									goto L33;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							goto L13;
                                                                                                                                						}
                                                                                                                                						do {
                                                                                                                                							L13:
                                                                                                                                							_t34 =  &(_t34[1]);
                                                                                                                                						} while ( *_t34 == _t96);
                                                                                                                                						goto L14;
                                                                                                                                						L28:
                                                                                                                                						_t34 = E00406A3C(_t34, _t101);
                                                                                                                                						if( *_t34 == _t109) {
                                                                                                                                							_t34 =  &(_t34[1]);
                                                                                                                                						}
                                                                                                                                						_t98 =  *_t34 & 0x0000ffff;
                                                                                                                                						_t147 = _t98;
                                                                                                                                					} while (_t98 != 0);
                                                                                                                                					goto L33;
                                                                                                                                				}
                                                                                                                                			}





































                                                                                                                                0x00403ba1
                                                                                                                                0x00403ba5
                                                                                                                                0x00403bae
                                                                                                                                0x00000000
                                                                                                                                0x00403bae
                                                                                                                                0x00403b78
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00403b14
                                                                                                                                0x00403b14
                                                                                                                                0x00403b14
                                                                                                                                0x00403b17
                                                                                                                                0x00000000
                                                                                                                                0x00403b82
                                                                                                                                0x00403b84
                                                                                                                                0x00403b8c
                                                                                                                                0x00403b8e
                                                                                                                                0x00403b8e
                                                                                                                                0x00403b91
                                                                                                                                0x00403b94
                                                                                                                                0x00403b94
                                                                                                                                0x00000000
                                                                                                                                0x00403b9d

                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNEL32(00008001), ref: 00403A0A
                                                                                                                                • GetVersion.KERNEL32 ref: 00403A10
                                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403A45
                                                                                                                                • #17.COMCTL32(00000006,00000008,0000000A), ref: 00403A83
                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00403A8C
                                                                                                                                • SHGetFileInfoW.SHELL32(0040A2C0,00000000,?,000002B4,00000000), ref: 00403AA8
                                                                                                                                • GetCommandLineW.KERNEL32(00476220,NSIS Error), ref: 00403ABD
                                                                                                                                • CharNextW.USER32(00000000,004CF000,00000020,004CF000,00000000), ref: 00403AF6
                                                                                                                                  • Part of subcall function 00406E4E: GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403A5A,0000000A), ref: 00406E5C
                                                                                                                                  • Part of subcall function 00406E4E: GetProcAddress.KERNEL32(00000000), ref: 00406E78
                                                                                                                                • GetTempPathW.KERNEL32(00002000,004E3000), ref: 00403BC4
                                                                                                                                • GetWindowsDirectoryW.KERNEL32(004E3000,00001FFB), ref: 00403BD5
                                                                                                                                • lstrcatW.KERNEL32(004E3000,\Temp), ref: 00403BE1
                                                                                                                                • GetTempPathW.KERNEL32(00001FFC,004E3000,004E3000,\Temp), ref: 00403BF5
                                                                                                                                • lstrcatW.KERNEL32(004E3000,Low), ref: 00403BFD
                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,004E3000,004E3000,Low), ref: 00403C0E
                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,004E3000), ref: 00403C16
                                                                                                                                • DeleteFileW.KERNEL32(004DF000), ref: 00403C30
                                                                                                                                • lstrcatW.KERNEL32(004E3000,~nsu), ref: 00403CD5
                                                                                                                                • lstrcatW.KERNEL32(004E3000,0040A310), ref: 00403CE4
                                                                                                                                • lstrcatW.KERNEL32(004E3000,.tmp), ref: 00403CEF
                                                                                                                                • lstrcmpiW.KERNEL32(004E3000,004DB000,004E3000,.tmp,004E3000,~nsu,004CF000,00000000,00000000), ref: 00403CFA
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(004E3000,004E3000), ref: 00403D1A
                                                                                                                                • DeleteFileW.KERNEL32(0043DD38,0043DD38,?,0047F000,?), ref: 00403D6E
                                                                                                                                • CopyFileW.KERNEL32(004EB000,0043DD38,00000001), ref: 00403D80
                                                                                                                                • CloseHandle.KERNEL32(00000000,0043DD38,0043DD38,?,0043DD38,00000000), ref: 00403DBA
                                                                                                                                • OleUninitialize.OLE32(00000000), ref: 00403DDE
                                                                                                                                • ExitProcess.KERNEL32 ref: 00403DF5
                                                                                                                                  • Part of subcall function 0040708C: lstrcpynW.KERNEL32(?,?,00002000,00403ABD,00476220,NSIS Error), ref: 00407099
                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403E0F
                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403E16
                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403E2C
                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?), ref: 00403E53
                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403E7B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrcat$File$Process$CurrentDeleteDirectoryEnvironmentExitHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                • String ID: .tmp$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 139 404d2a-404d41 140 404d47-404e30 GetDlgItem * 3 call 4056e7 call 405a1d call 406119 call 406af2 GetClientRect GetSystemMetrics SendMessageW * 2 139->140 141 404eec-404ef4 139->141 176 404e32-404e44 SendMessageW * 2 140->176 177 404e46-404e4c 140->177 143 404f20-404f26 141->143 144 404ef6-404f1a GetDlgItem CreateThread FindCloseChangeNotification 141->144 146 404f50-404f59 143->146 147 404f28-404f32 143->147 144->143 148 404fb6-404fb9 146->148 149 404f5b-404f61 146->149 151 404f74-404f7d call 40594c 147->151 152 404f34-404f4b ShowWindow * 2 call 4056e7 147->152 148->151 157 404fbb-404fbf 148->157 153 404f63-404f6f call 405b7f 149->153 154 404f8c-404fa0 ShowWindow 149->154 160 404f82-404f89 151->160 152->146 153->151 161 404fb0-404fb1 call 405b7f 154->161 162 404fa2-404fab call 405f97 154->162 157->151 164 404fc1-404fd7 SendMessageW 157->164 161->148 162->161 168 404ee5-404ee7 164->168 169 404fdd-40500c CreatePopupMenu call 406119 AppendMenuW 164->169 168->160 174 405022-40503e TrackPopupMenu 169->174 175 40500e-40501e GetWindowRect 169->175 174->168 178 405044-405050 174->178 175->174 176->177 179 404e58-404e71 call 4056fe 177->179 180 404e4e-404e56 SendMessageW 177->180 181 405058-405072 SendMessageW 178->181 185 404e73-404e87 ShowWindow 179->185 186 404ea5-404ecb GetDlgItem SendMessageW 179->186 180->179 181->181 184 405074-4050a2 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 181->184 187 4050a4-4050d0 SendMessageW 184->187 188 404e94 185->188 189 404e89-404e92 ShowWindow 185->189 186->168 190 404ecd-404ee3 SendMessageW * 2 186->190 187->187 191 4050d2-4050ee GlobalUnlock SetClipboardData CloseClipboard 187->191 192 404e9a-404ea0 call 4056e7 188->192 189->192 190->168 191->168 192->186
                                                                                                                                C-Code - Quality: 87%
                                                                                                                                			E00404D2A() {
                                                                                                                                				int _t65;
                                                                                                                                				void* _t73;
                                                                                                                                				signed int _t75;
                                                                                                                                				short _t76;
                                                                                                                                				short _t77;
                                                                                                                                				int _t79;
                                                                                                                                				void* _t95;
                                                                                                                                				intOrPtr _t98;
                                                                                                                                				intOrPtr _t104;
                                                                                                                                				long _t114;
                                                                                                                                				struct HWND__* _t128;
                                                                                                                                				struct HWND__* _t130;
                                                                                                                                				struct HWND__* _t131;
                                                                                                                                				unsigned int _t132;
                                                                                                                                				int _t135;
                                                                                                                                				long _t136;
                                                                                                                                				int _t137;
                                                                                                                                				signed int _t138;
                                                                                                                                				short* _t139;
                                                                                                                                				int _t142;
                                                                                                                                				int _t145;
                                                                                                                                				void* _t147;
                                                                                                                                				long _t148;
                                                                                                                                				void* _t149;
                                                                                                                                				long _t150;
                                                                                                                                				void* _t151;
                                                                                                                                				void* _t152;
                                                                                                                                
                                                                                                                                				_t128 =  *0x476208;
                                                                                                                                				_t136 =  *(_t151 + 0x64);
                                                                                                                                				if(_t136 != 0x110) {
                                                                                                                                					_t142 = 0;
                                                                                                                                					if(_t136 == 0x405) {
                                                                                                                                						_t95 = CreateThread(0, 0, E00405A6D, GetDlgItem( *(_t151 + 0x6c), 0x3ec), 0, _t151 + 0x64); // executed
                                                                                                                                						FindCloseChangeNotification(_t95); // executed
                                                                                                                                					}
                                                                                                                                					if(_t136 != 0x111) {
                                                                                                                                						L18:
                                                                                                                                						_t145 = 1;
                                                                                                                                						if(_t136 != 0x404) {
                                                                                                                                							L26:
                                                                                                                                							if(_t136 != 0x7b ||  *((intOrPtr*)(_t151 + 0x68)) != _t128) {
                                                                                                                                								goto L21;
                                                                                                                                							} else {
                                                                                                                                								_t137 = SendMessageW(_t128, 0x1004, _t142, _t142);
                                                                                                                                								 *(_t151 + 0x64) = _t137;
                                                                                                                                								if(_t137 <= 0) {
                                                                                                                                									L12:
                                                                                                                                									return 0;
                                                                                                                                								}
                                                                                                                                								 *((intOrPtr*)(_t151 + 0x70)) = CreatePopupMenu();
                                                                                                                                								AppendMenuW( *(_t151 + 0x74), _t142, _t145, E00406119(_t142, 0xffffffe1));
                                                                                                                                								_t132 =  *(_t151 + 0x6c);
                                                                                                                                								_t135 = _t132;
                                                                                                                                								_t65 = _t132 >> 0x10;
                                                                                                                                								if(_t132 == 0xffffffff) {
                                                                                                                                									GetWindowRect(_t128, _t151 + 0x10);
                                                                                                                                									_t135 =  *(_t151 + 0x10);
                                                                                                                                									_t65 =  *(_t151 + 0x14);
                                                                                                                                								}
                                                                                                                                								if(TrackPopupMenu( *(_t151 + 0x80), 0x180, _t135, _t65, _t142,  *(_t151 + 0x64), _t142) == _t145) {
                                                                                                                                									 *(_t151 + 0x28) = _t142;
                                                                                                                                									 *(_t151 + 0x34) = 0x441d48;
                                                                                                                                									 *((intOrPtr*)(_t151 + 0x38)) = 0x8000;
                                                                                                                                									do {
                                                                                                                                										_t137 = _t137 - 1;
                                                                                                                                										_t145 = _t145 + 2 + SendMessageW(_t128, 0x1073, _t137, _t151 + 0x20);
                                                                                                                                									} while (_t137 != 0);
                                                                                                                                									OpenClipboard(_t142);
                                                                                                                                									EmptyClipboard();
                                                                                                                                									_t147 = GlobalAlloc(0x42, _t145 * 2);
                                                                                                                                									 *(_t151 + 0x64) = _t147;
                                                                                                                                									_t73 = GlobalLock(_t147);
                                                                                                                                									_t148 =  *(_t151 + 0x64);
                                                                                                                                									_t138 = _t73;
                                                                                                                                									do {
                                                                                                                                										 *(_t151 + 0x34) = _t138;
                                                                                                                                										_t75 = SendMessageW(_t128, 0x1073, _t142, _t151 + 0x20);
                                                                                                                                										_t139 = _t138 + _t75 * 2;
                                                                                                                                										_t76 = 0xd;
                                                                                                                                										 *_t139 = _t76;
                                                                                                                                										_t77 = 0xa;
                                                                                                                                										 *((short*)(_t139 + 2)) = _t77;
                                                                                                                                										_t138 = _t139 + 4;
                                                                                                                                										_t142 = _t142 + 1;
                                                                                                                                									} while (_t142 < _t148);
                                                                                                                                									_t149 =  *(_t151 + 0x60);
                                                                                                                                									GlobalUnlock(_t149);
                                                                                                                                									_push(_t149);
                                                                                                                                									_t79 = 0xd;
                                                                                                                                									SetClipboardData(_t79, ??);
                                                                                                                                									CloseClipboard();
                                                                                                                                								}
                                                                                                                                								goto L12;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						if( *0x47620c == _t142) {
                                                                                                                                							ShowWindow( *0x47621c, 8); // executed
                                                                                                                                							if( *0x47e2ec == _t142) {
                                                                                                                                								E00405F97( *((intOrPtr*)( *0x451d4c + 0x34)), _t142);
                                                                                                                                							}
                                                                                                                                							E00405B7F(_t145);
                                                                                                                                							goto L26;
                                                                                                                                						}
                                                                                                                                						 *0x441d44 = 2;
                                                                                                                                						E00405B7F(0x78);
                                                                                                                                						goto L21;
                                                                                                                                					} else {
                                                                                                                                						if( *((intOrPtr*)(_t151 + 0x68)) != 0x403) {
                                                                                                                                							L21:
                                                                                                                                							return E0040594C(_t136,  *(_t151 + 0x6c),  *(_t151 + 0x6c));
                                                                                                                                						}
                                                                                                                                						ShowWindow( *0x476204, _t142);
                                                                                                                                						ShowWindow(_t128, 8);
                                                                                                                                						E004056E7(_t128);
                                                                                                                                						goto L18;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				 *(_t151 + 0x34) =  *(_t151 + 0x34) | 0xffffffff;
                                                                                                                                				asm("movaps xmm0, [0x40a500]");
                                                                                                                                				 *(_t151 + 0x20) = 2;
                                                                                                                                				asm("movups [esp+0x24], xmm0");
                                                                                                                                				asm("stosd");
                                                                                                                                				asm("stosd");
                                                                                                                                				asm("stosd");
                                                                                                                                				asm("stosd");
                                                                                                                                				asm("stosd");
                                                                                                                                				_t98 =  *0x47e230;
                                                                                                                                				_t150 =  *(_t98 + 0x5c);
                                                                                                                                				 *((intOrPtr*)(_t151 + 0x70)) =  *((intOrPtr*)(_t98 + 0x60));
                                                                                                                                				 *0x476204 = GetDlgItem( *(_t151 + 0x64), 0x403);
                                                                                                                                				 *0x4761e8 = GetDlgItem( *(_t151 + 0x64), 0x3ee);
                                                                                                                                				_t130 = GetDlgItem( *(_t151 + 0x64), 0x3f8);
                                                                                                                                				 *0x476208 = _t130;
                                                                                                                                				E004056E7( *0x476204);
                                                                                                                                				_t104 = E00405A1D(4);
                                                                                                                                				_push(0x4d3000);
                                                                                                                                				 *0x4761ec = _t104;
                                                                                                                                				 *0x4761f0 = 0;
                                                                                                                                				E00406AF2(L"New install of \"%s\" to \"%s\"", E00406119(0, 0xfffffffd));
                                                                                                                                				_t152 = _t151 + 0xc;
                                                                                                                                				GetClientRect(_t130, _t152 + 0x10);
                                                                                                                                				 *((intOrPtr*)(_t152 + 0x28)) =  *((intOrPtr*)(_t152 + 0x18)) - GetSystemMetrics(2);
                                                                                                                                				SendMessageW(_t130, 0x1061, 0, _t152 + 0x20);
                                                                                                                                				SendMessageW(_t130, 0x1036, 0x4000, 0x4000); // executed
                                                                                                                                				if(_t150 >= 0) {
                                                                                                                                					SendMessageW(_t130, 0x1001, 0, _t150);
                                                                                                                                					SendMessageW(_t130, 0x1026, 0, _t150);
                                                                                                                                				}
                                                                                                                                				_t114 =  *(_t152 + 0x68);
                                                                                                                                				if(_t114 >= 0) {
                                                                                                                                					SendMessageW(_t130, 0x1024, 0, _t114);
                                                                                                                                				}
                                                                                                                                				_push( *((intOrPtr*)( *((intOrPtr*)(_t152 + 0x6c)) + 0x30)));
                                                                                                                                				_push(0x1b);
                                                                                                                                				E004056FE( *(_t152 + 0x68));
                                                                                                                                				if(( *0x47e22c & 0x00000003) != 0) {
                                                                                                                                					ShowWindow( *0x476204, 0); // executed
                                                                                                                                					if(( *0x47e22c & 0x00000002) != 0) {
                                                                                                                                						 *0x476204 = 0;
                                                                                                                                					} else {
                                                                                                                                						ShowWindow(_t130, 8);
                                                                                                                                					}
                                                                                                                                					E004056E7( *0x4761e8);
                                                                                                                                				}
                                                                                                                                				_t131 = GetDlgItem( *(_t152 + 0x64), 0x3ec);
                                                                                                                                				SendMessageW(_t131, 0x401, 0, 0x75300000);
                                                                                                                                				if(( *0x47e22c & 0x00000004) != 0) {
                                                                                                                                					SendMessageW(_t131, 0x409, 0,  *(_t152 + 0x68));
                                                                                                                                					SendMessageW(_t131, 0x2001, 0, _t150);
                                                                                                                                				}
                                                                                                                                				goto L12;
                                                                                                                                			}
                                                                                                                                0x00404e7a
                                                                                                                                0x00404e87
                                                                                                                                0x00404e94
                                                                                                                                0x00404e89
                                                                                                                                0x00404e8c
                                                                                                                                0x00404e8c
                                                                                                                                0x00404ea0
                                                                                                                                0x00404ea0
                                                                                                                                0x00404eba
                                                                                                                                0x00404ec2
                                                                                                                                0x00404ecb
                                                                                                                                0x00404ed9
                                                                                                                                0x00404ee3
                                                                                                                                0x00404ee3
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32 ref: 00404D89
                                                                                                                                • GetDlgItem.USER32 ref: 00404D99
                                                                                                                                • GetClientRect.USER32 ref: 00404DF3
                                                                                                                                • GetSystemMetrics.USER32 ref: 00404DFB
                                                                                                                                • SendMessageW.USER32(00000000,00001061,00000000,?), ref: 00404E1D
                                                                                                                                • SendMessageW.USER32(00000000,00001036,00004000,00004000), ref: 00404E2C
                                                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00404E3A
                                                                                                                                • SendMessageW.USER32(00000000,00001026,00000000,?), ref: 00404E44
                                                                                                                                • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 00404E56
                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00404E7A
                                                                                                                                • ShowWindow.USER32(00000000,00000008), ref: 00404E8C
                                                                                                                                • GetDlgItem.USER32 ref: 00404EAE
                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00404EC2
                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00404ED9
                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,?), ref: 00404EE3
                                                                                                                                • GetDlgItem.USER32 ref: 00404DA9
                                                                                                                                  • Part of subcall function 004056E7: SendMessageW.USER32(00000028,?,00000001,004054F8), ref: 004056F5
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                • GetDlgItem.USER32 ref: 00404F05
                                                                                                                                • CreateThread.KERNEL32 ref: 00404F13
                                                                                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 00404F1A
                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404F3B
                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00404F44
                                                                                                                                • ShowWindow.USER32(00000008), ref: 00404F94
                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00404FC9
                                                                                                                                • CreatePopupMenu.USER32 ref: 00404FDD
                                                                                                                                • AppendMenuW.USER32 ref: 00404FF6
                                                                                                                                • GetWindowRect.USER32 ref: 00405014
                                                                                                                                • TrackPopupMenu.USER32(?,00000180,?,?,00000000,?,00000000), ref: 00405036
                                                                                                                                • SendMessageW.USER32(?,00001073,-00000001,?), ref: 00405065
                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405075
                                                                                                                                • EmptyClipboard.USER32 ref: 0040507B
                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0040508B
                                                                                                                                • GlobalLock.KERNEL32 ref: 00405098
                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004050B4
                                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 004050D7
                                                                                                                                • SetClipboardData.USER32 ref: 004050E2
                                                                                                                                • CloseClipboard.USER32 ref: 004050E8
                                                                                                                                Strings
                                                                                                                                • New install of "%s" to "%s", xrefs: 00404DE0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlocklstrlenwvsprintf
                                                                                                                                • String ID: New install of "%s" to "%s"
                                                                                                                                • API String ID: 725053075-224445694
                                                                                                                                • Opcode ID: 89409205765a269f45f126a2d1b8b59d6d89d58b43d4c266c488d3d629a0dfb4
                                                                                                                                • Instruction ID: 4d15d28a9f88692066e4b340256ef3ffe4673620893b6c8aa6255a4dc92d9fc9
                                                                                                                                • Opcode Fuzzy Hash: 89409205765a269f45f126a2d1b8b59d6d89d58b43d4c266c488d3d629a0dfb4
                                                                                                                                • Instruction Fuzzy Hash: 72A1A0B1205304BFE710AB61DD49E6B7BADFB88714F00093AF645A62E2C7799840CB69
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)
                                                                                                                                C-Code - Quality: 95%
                                                                                                                                			E032710D0(WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                				void* _v8;
                                                                                                                                				struct HINSTANCE__* _v12;
                                                                                                                                				char _v16;
                                                                                                                                				int _v20;
                                                                                                                                				int _v24;
                                                                                                                                				struct HINSTANCE__* _v28;
                                                                                                                                				long _v32;
                                                                                                                                				struct _OSVERSIONINFOW _v308;
                                                                                                                                				short _v828;
                                                                                                                                				intOrPtr _v856;
                                                                                                                                				char _v864;
                                                                                                                                				short _v1384;
                                                                                                                                				struct HINSTANCE__* _t55;
                                                                                                                                				WCHAR* _t56;
                                                                                                                                				struct HINSTANCE__* _t57;
                                                                                                                                				struct HINSTANCE__* _t59;
                                                                                                                                				struct HINSTANCE__* _t63;
                                                                                                                                				int* _t64;
                                                                                                                                				struct HINSTANCE__* _t68;
                                                                                                                                				struct HINSTANCE__* _t70;
                                                                                                                                				_Unknown_base(*)()* _t77;
                                                                                                                                				struct HINSTANCE__* _t81;
                                                                                                                                				struct HINSTANCE__* _t84;
                                                                                                                                				int _t90;
                                                                                                                                				struct HINSTANCE__* _t92;
                                                                                                                                				long _t99;
                                                                                                                                				struct HINSTANCE__* _t101;
                                                                                                                                				struct HINSTANCE__* _t102;
                                                                                                                                				struct HINSTANCE__* _t104;
                                                                                                                                				struct HINSTANCE__* _t105;
                                                                                                                                				void* _t106;
                                                                                                                                				struct HINSTANCE__** _t109;
                                                                                                                                				struct HINSTANCE__* _t113;
                                                                                                                                				CHAR* _t114;
                                                                                                                                				void* _t115;
                                                                                                                                				void* _t116;
                                                                                                                                
                                                                                                                                				_v20 = 0;
                                                                                                                                				_v24 = 0;
                                                                                                                                				_v16 = 0;
                                                                                                                                				_v308.dwOSVersionInfoSize = 0x114;
                                                                                                                                				if(GetVersionExW( &_v308) != 0) {
                                                                                                                                					__eflags = _v308.dwPlatformId - 2;
                                                                                                                                					if(_v308.dwPlatformId == 2) {
                                                                                                                                						_t99 = 0x4000;
                                                                                                                                						_t55 = LoadLibraryW(L"NTDLL.DLL");
                                                                                                                                						_v12 = _t55;
                                                                                                                                						__eflags = _t55;
                                                                                                                                						if(_t55 == 0) {
                                                                                                                                							_t104 = 0x25e;
                                                                                                                                							L16:
                                                                                                                                							__eflags = _t104;
                                                                                                                                							if(_t104 == 0) {
                                                                                                                                								_t109 = _v8;
                                                                                                                                								while(1) {
                                                                                                                                									_t56 = _t109[0xf];
                                                                                                                                									__eflags = _t56;
                                                                                                                                									if(_t56 == 0) {
                                                                                                                                										goto L23;
                                                                                                                                									}
                                                                                                                                									lstrcpynW( &_v1384, _t56, 0x104);
                                                                                                                                									_t63 = lstrcmpiW( &_v1384, _a4);
                                                                                                                                									__eflags = _t63;
                                                                                                                                									if(_t63 != 0) {
                                                                                                                                										goto L23;
                                                                                                                                									}
                                                                                                                                									_t64 =  &(_t63->i);
                                                                                                                                									_v20 = _t64;
                                                                                                                                									__eflags = _a8 - _t64;
                                                                                                                                									if(_a8 != _t64) {
                                                                                                                                										L25:
                                                                                                                                										LocalFree(_v8); // executed
                                                                                                                                										L43:
                                                                                                                                										__eflags = _v20;
                                                                                                                                										if(_v20 != 0) {
                                                                                                                                											__eflags = _a8 - 1;
                                                                                                                                											if(_a8 != 1) {
                                                                                                                                												L50:
                                                                                                                                												_t59 = 0;
                                                                                                                                												__eflags = 0;
                                                                                                                                												L51:
                                                                                                                                												return _t59;
                                                                                                                                											}
                                                                                                                                											__eflags = _v24;
                                                                                                                                											if(_v24 != 0) {
                                                                                                                                												__eflags = _v16 - 1;
                                                                                                                                												if(_v16 != 1) {
                                                                                                                                													goto L50;
                                                                                                                                												}
                                                                                                                                												_t59 = 0x25a;
                                                                                                                                												goto L51;
                                                                                                                                											}
                                                                                                                                											_t59 = 0x259;
                                                                                                                                											goto L51;
                                                                                                                                										}
                                                                                                                                										L44:
                                                                                                                                										_t59 = 0x25b;
                                                                                                                                										goto L51;
                                                                                                                                									}
                                                                                                                                									E0327103F(_t109[0x11], _a12,  &_v24,  &_v16);
                                                                                                                                									_t116 = _t116 + 0x10;
                                                                                                                                									L23:
                                                                                                                                									_t57 =  *_t109;
                                                                                                                                									__eflags = _t57;
                                                                                                                                									if(_t57 == 0) {
                                                                                                                                										goto L25;
                                                                                                                                									}
                                                                                                                                									_t109 = _t109 + _t57;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							_t59 = _t104;
                                                                                                                                							goto L51;
                                                                                                                                						}
                                                                                                                                						_t68 = GetProcAddress(_t55, "NtQuerySystemInformation");
                                                                                                                                						_v28 = _t68;
                                                                                                                                						__eflags = _t68;
                                                                                                                                						if(_t68 == 0) {
                                                                                                                                							_t104 = 0x25f;
                                                                                                                                							L14:
                                                                                                                                							FreeLibrary(_v12);
                                                                                                                                							goto L16;
                                                                                                                                						}
                                                                                                                                						_t70 = LocalAlloc(0, 0x4000);
                                                                                                                                						__eflags = _t70;
                                                                                                                                						while(1) {
                                                                                                                                							_v8 = _t70;
                                                                                                                                							if(__eflags == 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							_t104 = NtQuerySystemInformation(5, _v8, _t99,  &_v32);
                                                                                                                                							__eflags = _t104;
                                                                                                                                							if(_t104 == 0) {
                                                                                                                                								goto L14;
                                                                                                                                							}
                                                                                                                                							LocalFree(_v8); // executed
                                                                                                                                							__eflags = _t104 - 0xc0000004;
                                                                                                                                							if(_t104 != 0xc0000004) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							_t99 = _t99 + _t99;
                                                                                                                                							_t70 = LocalAlloc(0, _t99); // executed
                                                                                                                                							__eflags = _t70;
                                                                                                                                						}
                                                                                                                                						_t104 = 0x260;
                                                                                                                                						goto L14;
                                                                                                                                					}
                                                                                                                                					__eflags = _v308.dwPlatformId - 1;
                                                                                                                                					if(_v308.dwPlatformId == 1) {
                                                                                                                                						_t101 = LoadLibraryA("KERNEL32.DLL");
                                                                                                                                						_v12 = _t101;
                                                                                                                                						__eflags = _t101;
                                                                                                                                						if(_t101 == 0) {
                                                                                                                                							goto L44;
                                                                                                                                						}
                                                                                                                                						_t105 = GetProcAddress(_t101, "CreateToolhelp32Snapshot");
                                                                                                                                						_t102 = GetProcAddress(_t101, "Process32First");
                                                                                                                                						_t77 = GetProcAddress(_v12, "Process32Next");
                                                                                                                                						_v28 = _t77;
                                                                                                                                						__eflags = _t105;
                                                                                                                                						if(_t105 == 0) {
                                                                                                                                							L42:
                                                                                                                                							FreeLibrary(_v12);
                                                                                                                                							goto L43;
                                                                                                                                						}
                                                                                                                                						__eflags = _t77;
                                                                                                                                						if(_t77 == 0) {
                                                                                                                                							goto L42;
                                                                                                                                						}
                                                                                                                                						__eflags = _t102;
                                                                                                                                						if(_t102 == 0) {
                                                                                                                                							goto L42;
                                                                                                                                						}
                                                                                                                                						_t106 = _t105->i(2, 0);
                                                                                                                                						__eflags = _t106 - 0xffffffff;
                                                                                                                                						if(_t106 == 0xffffffff) {
                                                                                                                                							goto L42;
                                                                                                                                						}
                                                                                                                                						_v864 = 0x22c;
                                                                                                                                						_t81 = _t102->i(_t106,  &_v864);
                                                                                                                                						while(1) {
                                                                                                                                							__eflags = _t81;
                                                                                                                                							if(_t81 == 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							_t113 = _t115 + lstrlenW( &_v828) * 2 - 0x33a;
                                                                                                                                							while(1) {
                                                                                                                                								_t84 = _t113->i;
                                                                                                                                								__eflags = _t84 - 0x5c;
                                                                                                                                								if(_t84 == 0x5c) {
                                                                                                                                									break;
                                                                                                                                								}
                                                                                                                                								__eflags = _t84;
                                                                                                                                								if(_t84 == 0) {
                                                                                                                                									break;
                                                                                                                                								}
                                                                                                                                								_t113 = _t113 - 1;
                                                                                                                                								__eflags = _t113;
                                                                                                                                							}
                                                                                                                                							_t114 =  &(_t113->i);
                                                                                                                                							MultiByteToWideChar(0, 0, _t114, lstrlenA(_t114) + 1,  &_v1384, 0x104);
                                                                                                                                							_t90 = lstrcmpiW( &_v1384, _a4);
                                                                                                                                							__eflags = _t90;
                                                                                                                                							if(_t90 != 0) {
                                                                                                                                								L39:
                                                                                                                                								_t81 = _v28(_t106,  &_v864);
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							_t92 = _t90 + 1;
                                                                                                                                							_v20 = _t92;
                                                                                                                                							__eflags = _a8 - _t92;
                                                                                                                                							if(_a8 != _t92) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							E0327103F(_v856, _a12,  &_v24,  &_v16);
                                                                                                                                							_t116 = _t116 + 0x10;
                                                                                                                                							goto L39;
                                                                                                                                						}
                                                                                                                                						CloseHandle(_t106);
                                                                                                                                						goto L42;
                                                                                                                                					}
                                                                                                                                					_t59 = 0x25d;
                                                                                                                                					goto L51;
                                                                                                                                				}
                                                                                                                                				return 0x25c;
                                                                                                                                			}







































                                                                                                                                0x032711a7
                                                                                                                                0x03271160
                                                                                                                                0x03271162
                                                                                                                                0x03271193
                                                                                                                                0x03271193
                                                                                                                                0x03271196
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x03271173
                                                                                                                                0x03271175
                                                                                                                                0x03271177
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x0327117c
                                                                                                                                0x03271182
                                                                                                                                0x03271188
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x0327118a
                                                                                                                                0x0327118f
                                                                                                                                0x03271191
                                                                                                                                0x03271191
                                                                                                                                0x03271198
                                                                                                                                0x00000000
                                                                                                                                0x03271198
                                                                                                                                0x03271115
                                                                                                                                0x0327111c
                                                                                                                                0x03271232
                                                                                                                                0x03271234
                                                                                                                                0x03271237
                                                                                                                                0x03271239
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x03271253
                                                                                                                                0x0327125f
                                                                                                                                0x03271261
                                                                                                                                0x03271263
                                                                                                                                0x03271266
                                                                                                                                0x03271268
                                                                                                                                0x0327133a
                                                                                                                                0x0327133d
                                                                                                                                0x00000000
                                                                                                                                0x0327133d
                                                                                                                                0x0327126e
                                                                                                                                0x03271270
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x03271276
                                                                                                                                0x03271278
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x03271284
                                                                                                                                0x03271286
                                                                                                                                0x03271289
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x03271297
                                                                                                                                0x032712a1
                                                                                                                                0x0327132b
                                                                                                                                0x0327132b
                                                                                                                                0x0327132d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x032712b5
                                                                                                                                0x032712c3
                                                                                                                                0x032712c3
                                                                                                                                0x032712c5
                                                                                                                                0x032712c7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x032712be
                                                                                                                                0x032712c0
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x032712c2
                                                                                                                                0x032712c2
                                                                                                                                0x032712c2
                                                                                                                                0x032712d5
                                                                                                                                0x032712e4
                                                                                                                                0x032712f4
                                                                                                                                0x032712fa
                                                                                                                                0x032712fc
                                                                                                                                0x03271320
                                                                                                                                0x03271328
                                                                                                                                0x00000000
                                                                                                                                0x03271328
                                                                                                                                0x032712fe
                                                                                                                                0x032712ff
                                                                                                                                0x03271302
                                                                                                                                0x03271305
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x03271318
                                                                                                                                0x0327131d
                                                                                                                                0x00000000
                                                                                                                                0x0327131d
                                                                                                                                0x03271334
                                                                                                                                0x00000000
                                                                                                                                0x03271334
                                                                                                                                0x03271122
                                                                                                                                0x00000000
                                                                                                                                0x03271122
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 032710F6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.456509856.0000000003271000.00000020.00020000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                • Associated: 00000010.00000002.456489490.0000000003270000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.456569651.0000000003272000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.456602295.0000000003274000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_3270000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Version
                                                                                                                                • String ID: CreateToolhelp32Snapshot$KERNEL32.DLL$NTDLL.DLL$NtQuerySystemInformation$Process32First$Process32Next
                                                                                                                                • API String ID: 1889659487-877962304
                                                                                                                                • Opcode ID: 53065c3d73f8866636f5b8e454f7b0a7ef1ce1e89d00405d38b01c4bf24607d7
                                                                                                                                • Instruction ID: ba5502bc85fdd4bed050f6ac4672709565ddb4717f9b632d70aa795ebb023ec3
                                                                                                                                • Opcode Fuzzy Hash: 53065c3d73f8866636f5b8e454f7b0a7ef1ce1e89d00405d38b01c4bf24607d7
                                                                                                                                • Instruction Fuzzy Hash: 0F719C7192021AEFDB21EBA4DC48BAEBBBDFF44745F184465E915E6140E370AA90CF60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 82%
                                                                                                                                			E0040423E(void* __eflags, signed int _a12, long _a16, long _a20, union _ULARGE_INTEGER _a24, void* _a28, intOrPtr _a32, union _ULARGE_INTEGER _a36, union _ULARGE_INTEGER _a44, signed int _a48, struct HWND__* _a52, void _a56, WCHAR* _a60, signed int _a72, WCHAR* _a76, intOrPtr _a80, signed int _a84, struct HWND__* _a88, struct HWND__* _a92, unsigned int _a96, intOrPtr _a100) {
                                                                                                                                				intOrPtr _v0;
                                                                                                                                				intOrPtr _t68;
                                                                                                                                				signed int _t71;
                                                                                                                                				signed int _t73;
                                                                                                                                				signed int _t75;
                                                                                                                                				signed int _t80;
                                                                                                                                				void* _t81;
                                                                                                                                				intOrPtr _t82;
                                                                                                                                				struct %anon54 _t95;
                                                                                                                                				signed int _t101;
                                                                                                                                				signed int _t104;
                                                                                                                                				unsigned int _t105;
                                                                                                                                				signed int _t109;
                                                                                                                                				signed int _t112;
                                                                                                                                				signed int _t115;
                                                                                                                                				signed short _t119;
                                                                                                                                				signed int _t120;
                                                                                                                                				signed int _t127;
                                                                                                                                				signed int _t129;
                                                                                                                                				struct HWND__* _t131;
                                                                                                                                				struct HWND__* _t137;
                                                                                                                                				void* _t139;
                                                                                                                                				void* _t140;
                                                                                                                                				WCHAR* _t141;
                                                                                                                                				signed int _t142;
                                                                                                                                				void* _t147;
                                                                                                                                				signed int _t149;
                                                                                                                                				signed int _t150;
                                                                                                                                				void* _t156;
                                                                                                                                				struct %anon54 _t158;
                                                                                                                                				long _t166;
                                                                                                                                				struct HWND__* _t169;
                                                                                                                                				WCHAR* _t170;
                                                                                                                                				signed int _t171;
                                                                                                                                				void* _t172;
                                                                                                                                				signed int _t173;
                                                                                                                                				signed int _t175;
                                                                                                                                				unsigned int _t176;
                                                                                                                                				short* _t177;
                                                                                                                                				struct HWND__* _t180;
                                                                                                                                				void* _t183;
                                                                                                                                
                                                                                                                                				_pop(_t183);
                                                                                                                                				asm("sbb eax, 0xff550045");
                                                                                                                                				if(__eflags == 0) {
                                                                                                                                					__eflags = _t68 - 0xc1;
                                                                                                                                					asm("jecxz 0x10");
                                                                                                                                					_t169 = _a92;
                                                                                                                                					_t141 = _t140 + 0x47f000;
                                                                                                                                					_a32 = _t68;
                                                                                                                                					_a12 =  *((intOrPtr*)(_t68 + 0x38));
                                                                                                                                					__eflags = _t169 - 0x40b;
                                                                                                                                					if(_t169 != 0x40b) {
                                                                                                                                						L6:
                                                                                                                                						__eflags = _t169 - 0x110;
                                                                                                                                						if(_t169 != 0x110) {
                                                                                                                                							L14:
                                                                                                                                							__eflags = _t169 - 0x111;
                                                                                                                                							if(_t169 != 0x111) {
                                                                                                                                								L26:
                                                                                                                                								__eflags = _t169 - 0x40f;
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									L28:
                                                                                                                                									_a88 = _a88 & 0x00000000;
                                                                                                                                									E00406FA8(0x3fb, _t141);
                                                                                                                                									_t71 = E00406A74(__eflags, _t141);
                                                                                                                                									_t170 = 0x455d68;
                                                                                                                                									_t156 = 1;
                                                                                                                                									__eflags = _t71;
                                                                                                                                									_t146 =  ==  ? _t156 : 0;
                                                                                                                                									_v0 =  ==  ? _t156 : 0;
                                                                                                                                									E0040708C(0x455d68, _t141);
                                                                                                                                									_t73 = E00406E4E(_t156);
                                                                                                                                									__eflags = _t73;
                                                                                                                                									if(_t73 == 0) {
                                                                                                                                										L35:
                                                                                                                                										E0040708C(_t170, _t141);
                                                                                                                                										_t75 = E00407123(_t170);
                                                                                                                                										__eflags = _t75;
                                                                                                                                										if(_t75 != 0) {
                                                                                                                                											__eflags = 0;
                                                                                                                                											 *_t75 = 0;
                                                                                                                                										}
                                                                                                                                										_t80 = GetDiskFreeSpaceW(_t170,  &_a20,  &_a24,  &_a16,  &_a36);
                                                                                                                                										__eflags = _t80;
                                                                                                                                										if(_t80 == 0) {
                                                                                                                                											_t171 = _a48;
                                                                                                                                											_t158 = _a44.LowPart;
                                                                                                                                										} else {
                                                                                                                                											_t95 = MulDiv(_a20 * _a24.LowPart, _a16, 0x400);
                                                                                                                                											asm("cdq");
                                                                                                                                											_t158 = _t95;
                                                                                                                                											_t171 = 0x300;
                                                                                                                                											goto L40;
                                                                                                                                										}
                                                                                                                                									} else {
                                                                                                                                										_t175 = 0;
                                                                                                                                										__eflags = 0;
                                                                                                                                										while(1) {
                                                                                                                                											_t101 = GetDiskFreeSpaceExW(0x455d68,  &_a44,  &_a24,  &_a36); // executed
                                                                                                                                											__eflags = _t101;
                                                                                                                                											if(_t101 != 0) {
                                                                                                                                												break;
                                                                                                                                											}
                                                                                                                                											__eflags = _t175;
                                                                                                                                											if(_t175 != 0) {
                                                                                                                                												 *_t175 = _t101;
                                                                                                                                											}
                                                                                                                                											_t177 = E00407225(0x455d68);
                                                                                                                                											 *_t177 = 0;
                                                                                                                                											_t175 = _t177 - 2;
                                                                                                                                											_t104 = 0x5c;
                                                                                                                                											 *_t175 = _t104;
                                                                                                                                											__eflags = _t175 - 0x455d68;
                                                                                                                                											if(_t175 != 0x455d68) {
                                                                                                                                												continue;
                                                                                                                                											} else {
                                                                                                                                												_t170 = 0x455d68;
                                                                                                                                												goto L35;
                                                                                                                                											}
                                                                                                                                											goto L42;
                                                                                                                                										}
                                                                                                                                										_t176 = _a48;
                                                                                                                                										_t158 = (_t176 << 0x00000020 | _a44.LowPart) >> 0xa;
                                                                                                                                										_t171 = _t176 >> 0xa;
                                                                                                                                										__eflags = _t171;
                                                                                                                                										L40:
                                                                                                                                										_a44.LowPart = _t158;
                                                                                                                                										_a48 = _t171;
                                                                                                                                										_a88 = 1;
                                                                                                                                									}
                                                                                                                                									L42:
                                                                                                                                									_t81 = E00405A1D(5);
                                                                                                                                									__eflags = _a84;
                                                                                                                                									_t147 = _t81;
                                                                                                                                									if(_a84 == 0) {
                                                                                                                                										L47:
                                                                                                                                										_t142 = _a12;
                                                                                                                                									} else {
                                                                                                                                										__eflags = _t171;
                                                                                                                                										if(__eflags > 0) {
                                                                                                                                											goto L47;
                                                                                                                                										} else {
                                                                                                                                											if(__eflags < 0) {
                                                                                                                                												L46:
                                                                                                                                												_t142 = 2;
                                                                                                                                											} else {
                                                                                                                                												__eflags = _t158 - _t147;
                                                                                                                                												if(_t158 >= _t147) {
                                                                                                                                													goto L47;
                                                                                                                                												} else {
                                                                                                                                													goto L46;
                                                                                                                                												}
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									_t82 =  *0x476200;
                                                                                                                                									__eflags =  *(_t82 + 0x10);
                                                                                                                                									if( *(_t82 + 0x10) != 0) {
                                                                                                                                										_push(0);
                                                                                                                                										E00405744(_t147, 0x3ff, 0xfffffffb, _t147);
                                                                                                                                										__eflags = _a72;
                                                                                                                                										if(_a72 == 0) {
                                                                                                                                											SetDlgItemTextW(_t180, 0x400, 0x40a2c0);
                                                                                                                                										} else {
                                                                                                                                											_push(_a44.LowPart);
                                                                                                                                											E00405744(_t147, 0x400, 0xfffffffc,  *((intOrPtr*)(_t183 + 0x34)));
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									 *0x47e304 = _t142;
                                                                                                                                									__eflags = _t142;
                                                                                                                                									if(_t142 == 0) {
                                                                                                                                										_t142 = E004014E3(7);
                                                                                                                                									}
                                                                                                                                									_t172 = 0;
                                                                                                                                									__eflags =  *(_a32 + 0x14) & 0x00000400;
                                                                                                                                									_t173 =  ==  ? _t142 : _t172;
                                                                                                                                									__eflags = _t173;
                                                                                                                                									E00405687(0 | _t173 == 0x00000000);
                                                                                                                                									__eflags = _t173;
                                                                                                                                									if(_t173 == 0) {
                                                                                                                                										__eflags =  *0x451d60;
                                                                                                                                										if( *0x451d60 == 0) {
                                                                                                                                											E00405720();
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									 *0x451d60 = 0;
                                                                                                                                								} else {
                                                                                                                                									__eflags = _t169 - 0x405;
                                                                                                                                									if(__eflags == 0) {
                                                                                                                                										goto L28;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							} else {
                                                                                                                                								_t105 = _a96;
                                                                                                                                								_t149 = _t105 & 0x0000ffff;
                                                                                                                                								__eflags = _t149 - 0x3fb;
                                                                                                                                								if(_t149 != 0x3fb) {
                                                                                                                                									L18:
                                                                                                                                									__eflags = _t149 - 0x3e9;
                                                                                                                                									if(_t149 == 0x3e9) {
                                                                                                                                										_t150 = 7;
                                                                                                                                										memset( &_a56, 0, _t150 << 2);
                                                                                                                                										_t183 = _t183 + 0xc;
                                                                                                                                										_a52 = _t180;
                                                                                                                                										_a60 = 0x441d48;
                                                                                                                                										_a72 = E0040513A;
                                                                                                                                										_a76 = _t141;
                                                                                                                                										_a56 = E00406119(0x451d68, _a12);
                                                                                                                                										_t109 =  &_a44;
                                                                                                                                										_a60 = 0x41;
                                                                                                                                										__imp__SHBrowseForFolderW(_t109);
                                                                                                                                										__eflags = _t109;
                                                                                                                                										if(_t109 == 0) {
                                                                                                                                											_t169 = 0x40f;
                                                                                                                                											_a88 = 0x40f;
                                                                                                                                										} else {
                                                                                                                                											__imp__CoTaskMemFree(_t109);
                                                                                                                                											E0040699C(_t141);
                                                                                                                                											_t112 =  *( *0x47e230 + 0x11c);
                                                                                                                                											__eflags = _t112;
                                                                                                                                											if(_t112 != 0) {
                                                                                                                                												__eflags = _t141 - 0x4d3000;
                                                                                                                                												if(_t141 == 0x4d3000) {
                                                                                                                                													E00406119(0, _t112);
                                                                                                                                													_t115 = lstrcmpiW(0x46e1c0, 0x441d48);
                                                                                                                                													__eflags = _t115;
                                                                                                                                													if(_t115 != 0) {
                                                                                                                                														lstrcatW(_t141, 0x46e1c0);
                                                                                                                                													}
                                                                                                                                												}
                                                                                                                                											}
                                                                                                                                											 *0x451d60 =  *0x451d60 + 1;
                                                                                                                                											SetDlgItemTextW(_t180, 0x3fb, _t141);
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									goto L26;
                                                                                                                                								} else {
                                                                                                                                									__eflags = _t105 >> 0x10 - 0x300;
                                                                                                                                									if(_t105 >> 0x10 == 0x300) {
                                                                                                                                										_t169 = _t149 + 0x14;
                                                                                                                                										_a92 = _t169;
                                                                                                                                										goto L18;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							_a88 = GetDlgItem(_t180, 0x3fb);
                                                                                                                                							_t119 = GetAsyncKeyState(0x10);
                                                                                                                                							__eflags = 0x00008000 & _t119;
                                                                                                                                							if((0x00008000 & _t119) != 0) {
                                                                                                                                								_t131 = GetDlgItem(_t180, 0x3f0);
                                                                                                                                								_push(0xffffffe0);
                                                                                                                                								_push(8);
                                                                                                                                								E004056FE(_t180);
                                                                                                                                								ShowWindow(_t131, 8);
                                                                                                                                								_t169 = _a80;
                                                                                                                                							}
                                                                                                                                							_t120 = E0040730E(_t141);
                                                                                                                                							__eflags = _t120;
                                                                                                                                							if(_t120 != 0) {
                                                                                                                                								_t129 = E00407123(_t141);
                                                                                                                                								__eflags = _t129;
                                                                                                                                								if(_t129 == 0) {
                                                                                                                                									E0040699C(_t141);
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							_t166 = _a88;
                                                                                                                                							 *0x4761fc = _t180;
                                                                                                                                							SetWindowTextW(_t166, _t141);
                                                                                                                                							_push( *((intOrPtr*)(_a100 + 0x34)));
                                                                                                                                							_push(1);
                                                                                                                                							E004056FE(_t180);
                                                                                                                                							_push( *((intOrPtr*)(_a88 + 0x30)));
                                                                                                                                							_push(0x14);
                                                                                                                                							E004056FE(_t180);
                                                                                                                                							E004056E7(_t166);
                                                                                                                                							_t127 = E00406E4E(7);
                                                                                                                                							__eflags = _t127;
                                                                                                                                							if(_t127 != 0) {
                                                                                                                                								SHAutoComplete(_t166, 1); // executed
                                                                                                                                								goto L14;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						E00406FA8(0x3fb, _t141);
                                                                                                                                						E00407252(_t141);
                                                                                                                                						E00405A4C();
                                                                                                                                						_t137 = GetDlgItem(_t180, 0x3f0);
                                                                                                                                						__eflags = _t137;
                                                                                                                                						if(_t137 != 0) {
                                                                                                                                							 *0x46d1a0 = IsDlgButtonChecked(_t180, 0x3f0);
                                                                                                                                							goto L6;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					return E0040594C(_a92, _a96, _a100);
                                                                                                                                				} else {
                                                                                                                                					_push(0x682474ff);
                                                                                                                                					_t139 = E0040594C();
                                                                                                                                					return _t139;
                                                                                                                                				}
                                                                                                                                			}












































                                                                                                                                0x0040439f
                                                                                                                                0x00404392
                                                                                                                                0x004042d6
                                                                                                                                0x004042e0
                                                                                                                                0x004042e4
                                                                                                                                0x004042ef
                                                                                                                                0x004042f2
                                                                                                                                0x004042fa
                                                                                                                                0x004042fc
                                                                                                                                0x004042fe
                                                                                                                                0x00404303
                                                                                                                                0x0040430b
                                                                                                                                0x00404311
                                                                                                                                0x00404311
                                                                                                                                0x00404316
                                                                                                                                0x0040431b
                                                                                                                                0x0040431d
                                                                                                                                0x00404320
                                                                                                                                0x00404325
                                                                                                                                0x00404327
                                                                                                                                0x0040432a
                                                                                                                                0x0040432a
                                                                                                                                0x00404327
                                                                                                                                0x0040432f
                                                                                                                                0x00404335
                                                                                                                                0x0040433b
                                                                                                                                0x00404345
                                                                                                                                0x00404348
                                                                                                                                0x0040434b
                                                                                                                                0x00404354
                                                                                                                                0x00404357
                                                                                                                                0x0040435a
                                                                                                                                0x00404360
                                                                                                                                0x00404367
                                                                                                                                0x0040436c
                                                                                                                                0x0040436e
                                                                                                                                0x00404377
                                                                                                                                0x00000000
                                                                                                                                0x00404377
                                                                                                                                0x0040436e
                                                                                                                                0x00404293
                                                                                                                                0x00404299
                                                                                                                                0x0040429f
                                                                                                                                0x004042a4
                                                                                                                                0x004042af
                                                                                                                                0x004042b1
                                                                                                                                0x004042b3
                                                                                                                                0x004042c5
                                                                                                                                0x00000000
                                                                                                                                0x004042c5
                                                                                                                                0x004042b3
                                                                                                                                0x0040464a
                                                                                                                                0x00404246
                                                                                                                                0x00404246
                                                                                                                                0x0040424b
                                                                                                                                0x00404257
                                                                                                                                0x00404257

                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32 ref: 004042AF
                                                                                                                                • IsDlgButtonChecked.USER32(?,000003F0), ref: 004042BF
                                                                                                                                • GetDlgItem.USER32 ref: 004042DC
                                                                                                                                • GetAsyncKeyState.USER32(00000010), ref: 004042E4
                                                                                                                                • GetDlgItem.USER32 ref: 004042FA
                                                                                                                                • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0,?,000003F0,?,000003FB), ref: 0040430B
                                                                                                                                • SetWindowTextW.USER32(?), ref: 0040433B
                                                                                                                                • SHAutoComplete.SHLWAPI(?,00000001,00000007,?,?,00000014,?,?,00000001,?,?,?,?,000003FB), ref: 00404377
                                                                                                                                  • Part of subcall function 0040594C: GetWindowLongW.USER32(00000000,000000EB), ref: 00405969
                                                                                                                                  • Part of subcall function 0040594C: GetSysColor.USER32(00000000), ref: 0040599F
                                                                                                                                  • Part of subcall function 0040594C: SetTextColor.GDI32(?,00000000), ref: 004059AF
                                                                                                                                  • Part of subcall function 0040594C: SetBkMode.GDI32(?,?), ref: 004059BB
                                                                                                                                  • Part of subcall function 0040594C: GetSysColor.USER32(?), ref: 004059CE
                                                                                                                                  • Part of subcall function 0040594C: SetBkColor.GDI32(?,?), ref: 004059E1
                                                                                                                                  • Part of subcall function 0040594C: DeleteObject.GDI32(?), ref: 004059FC
                                                                                                                                  • Part of subcall function 0040594C: CreateBrushIndirect.GDI32(?), ref: 00405A06
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Color$ItemWindow$Text$AsyncAutoBrushButtonCheckedCompleteCreateDeleteIndirectLongModeObjectShowState
                                                                                                                                • String ID: A$Delete on reboot: $h]E$h]E$h]E
                                                                                                                                • API String ID: 3956912786-3367319730
                                                                                                                                • Opcode ID: 404b9af6370b356f512f74604e69d6766e538ffdc6bd659b9c0eb05ffb2e1391
                                                                                                                                • Instruction ID: 57045eba8b29b7695939676e7e69097c1f8bcfe400af9ad6c6da36433d08e458
                                                                                                                                • Opcode Fuzzy Hash: 404b9af6370b356f512f74604e69d6766e538ffdc6bd659b9c0eb05ffb2e1391
                                                                                                                                • Instruction Fuzzy Hash: CCA1B2B1A44301ABD710AB658C41F6BB6A8AFC4714F01093FFB85B72D2D77CD8058B6A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 60%
                                                                                                                                			E00406C25(void* __eflags, WCHAR* _a4, signed char _a8) {
                                                                                                                                				short _v544;
                                                                                                                                				short _v546;
                                                                                                                                				struct _WIN32_FIND_DATAW _v592;
                                                                                                                                				signed int _v596;
                                                                                                                                				signed int _v600;
                                                                                                                                				WCHAR* _v604;
                                                                                                                                				signed int _t27;
                                                                                                                                				int _t35;
                                                                                                                                				signed int _t41;
                                                                                                                                				void* _t45;
                                                                                                                                				signed int _t49;
                                                                                                                                				signed int _t52;
                                                                                                                                				signed int _t62;
                                                                                                                                				void* _t64;
                                                                                                                                				signed char _t65;
                                                                                                                                				signed int _t80;
                                                                                                                                				WCHAR* _t81;
                                                                                                                                				signed int _t84;
                                                                                                                                				void* _t86;
                                                                                                                                
                                                                                                                                				_t65 = _a8;
                                                                                                                                				_t81 = _a4;
                                                                                                                                				_t80 = _t65 & 0x00000004;
                                                                                                                                				_t27 = E00406A74(__eflags, _t81);
                                                                                                                                				_v600 = _t27;
                                                                                                                                				if((_t65 & 0x00000008) != 0) {
                                                                                                                                					_t62 = DeleteFileW(_t81); // executed
                                                                                                                                					asm("sbb eax, eax");
                                                                                                                                					_t64 =  ~_t62 + 1;
                                                                                                                                					 *0x47e2e8 =  *0x47e2e8 + _t64;
                                                                                                                                					return _t64;
                                                                                                                                				}
                                                                                                                                				_t84 = _t65 & 0x00000001;
                                                                                                                                				__eflags = _t84;
                                                                                                                                				_v600 = _t84;
                                                                                                                                				if(_t84 == 0) {
                                                                                                                                					L5:
                                                                                                                                					E0040708C(0x461dc0, _t81);
                                                                                                                                					__eflags = _t84;
                                                                                                                                					if(_t84 == 0) {
                                                                                                                                						E00407225(_t81);
                                                                                                                                					} else {
                                                                                                                                						lstrcatW(0x461dc0, L"\\*.*");
                                                                                                                                					}
                                                                                                                                					__eflags =  *_t81;
                                                                                                                                					if( *_t81 != 0) {
                                                                                                                                						L10:
                                                                                                                                						lstrcatW(_t81, "\\");
                                                                                                                                						goto L11;
                                                                                                                                					} else {
                                                                                                                                						__eflags =  *0x461dc0 - 0x5c;
                                                                                                                                						if( *0x461dc0 != 0x5c) {
                                                                                                                                							L11:
                                                                                                                                							_v604 =  &(_t81[lstrlenW(_t81)]);
                                                                                                                                							_t35 = FindFirstFileW(0x461dc0,  &_v592); // executed
                                                                                                                                							_t86 = _t35;
                                                                                                                                							__eflags = _t86 - 0xffffffff;
                                                                                                                                							if(_t86 == 0xffffffff) {
                                                                                                                                								L27:
                                                                                                                                								__eflags = _v600;
                                                                                                                                								if(_v600 == 0) {
                                                                                                                                									goto L38;
                                                                                                                                								}
                                                                                                                                								__eflags = 0;
                                                                                                                                								 *((short*)(_v604 - 2)) = 0;
                                                                                                                                								_t27 = _v596;
                                                                                                                                								goto L29;
                                                                                                                                							}
                                                                                                                                							_t45 = 0x2e;
                                                                                                                                							do {
                                                                                                                                								__eflags = _v592.cFileName - _t45;
                                                                                                                                								if(_v592.cFileName != _t45) {
                                                                                                                                									L17:
                                                                                                                                									E0040708C(_v604,  &(_v592.cFileName));
                                                                                                                                									__eflags = _v600 & 0x00000010;
                                                                                                                                									if((_v600 & 0x00000010) == 0) {
                                                                                                                                										E00406AF2(L"Delete: DeleteFile(\"%s\")", _t81);
                                                                                                                                										_t49 = E004069CB(__eflags, _t81, _t80); // executed
                                                                                                                                										_push(_t81);
                                                                                                                                										__eflags = _t49;
                                                                                                                                										if(_t49 != 0) {
                                                                                                                                											_push(0xfffffff2);
                                                                                                                                											E00405F97();
                                                                                                                                										} else {
                                                                                                                                											__eflags = _t80;
                                                                                                                                											if(_t80 == 0) {
                                                                                                                                												_push(L"Delete: DeleteFile failed(\"%s\")");
                                                                                                                                												E00406AF2();
                                                                                                                                												 *0x47e2e8 =  *0x47e2e8 + 1;
                                                                                                                                											} else {
                                                                                                                                												_push(L"Delete: DeleteFile on Reboot(\"%s\")");
                                                                                                                                												E00406AF2();
                                                                                                                                												E00405F97(0xfffffff1, _t81);
                                                                                                                                												E004064E0(_t81, 0);
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                									} else {
                                                                                                                                										__eflags = (_t65 & 0x00000003) - 3;
                                                                                                                                										if(__eflags == 0) {
                                                                                                                                											E00406C25(__eflags, _t81, _t65);
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								__eflags = _v546;
                                                                                                                                								if(_v546 == 0) {
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								__eflags = _v546 - _t45;
                                                                                                                                								if(_v546 != _t45) {
                                                                                                                                									goto L17;
                                                                                                                                								}
                                                                                                                                								__eflags = _v544;
                                                                                                                                								if(_v544 == 0) {
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								goto L17;
                                                                                                                                								L25:
                                                                                                                                								_t52 = FindNextFileW(_t86,  &_v592); // executed
                                                                                                                                								__eflags = _t52;
                                                                                                                                								_t45 = 0x2e;
                                                                                                                                							} while (_t52 != 0);
                                                                                                                                							_t35 = FindClose(_t86);
                                                                                                                                							goto L27;
                                                                                                                                						}
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					__eflags = _t27;
                                                                                                                                					if(_t27 == 0) {
                                                                                                                                						L30:
                                                                                                                                						_push(_t81);
                                                                                                                                						_push(L"RMDir: RemoveDirectory invalid input(\"%s\")");
                                                                                                                                						L36:
                                                                                                                                						_t35 = E00406AF2();
                                                                                                                                						 *0x47e2e8 =  *0x47e2e8 + 1;
                                                                                                                                						L38:
                                                                                                                                						return _t35;
                                                                                                                                					}
                                                                                                                                					__eflags = _t65 & 0x00000002;
                                                                                                                                					if((_t65 & 0x00000002) == 0) {
                                                                                                                                						L29:
                                                                                                                                						__eflags = _t27;
                                                                                                                                						if(_t27 != 0) {
                                                                                                                                							_t35 = E00406A15(_t81);
                                                                                                                                							__eflags = _t35;
                                                                                                                                							if(_t35 == 0) {
                                                                                                                                								goto L38;
                                                                                                                                							}
                                                                                                                                							E0040699C(_t81);
                                                                                                                                							E00406AF2(L"RMDir: RemoveDirectory(\"%s\")", _t81);
                                                                                                                                							_t41 = E004069CB(__eflags, _t81, _t80 | 0x00000001); // executed
                                                                                                                                							_push(_t81);
                                                                                                                                							__eflags = _t41;
                                                                                                                                							if(_t41 != 0) {
                                                                                                                                								_push(0xffffffe5);
                                                                                                                                								_t35 = E00405F97();
                                                                                                                                								goto L38;
                                                                                                                                							}
                                                                                                                                							__eflags = _t80;
                                                                                                                                							if(_t80 == 0) {
                                                                                                                                								_push(L"RMDir: RemoveDirectory failed(\"%s\")");
                                                                                                                                								goto L36;
                                                                                                                                							}
                                                                                                                                							_push(L"RMDir: RemoveDirectory on Reboot(\"%s\")");
                                                                                                                                							E00406AF2();
                                                                                                                                							E00405F97(0xfffffff1, _t81);
                                                                                                                                							_t35 = E004064E0(_t81, 0);
                                                                                                                                							goto L38;
                                                                                                                                						}
                                                                                                                                						goto L30;
                                                                                                                                					}
                                                                                                                                					goto L5;
                                                                                                                                				}
                                                                                                                                			}






















                                                                                                                                0x00000000
                                                                                                                                0x00406de0
                                                                                                                                0x00406deb
                                                                                                                                0x00406df9
                                                                                                                                0x00406dfe
                                                                                                                                0x00406dff
                                                                                                                                0x00406e01
                                                                                                                                0x00406e3a
                                                                                                                                0x00406e3c
                                                                                                                                0x00000000
                                                                                                                                0x00406e3c
                                                                                                                                0x00406e03
                                                                                                                                0x00406e05
                                                                                                                                0x00406e26
                                                                                                                                0x00000000
                                                                                                                                0x00406e26
                                                                                                                                0x00406e07
                                                                                                                                0x00406e0c
                                                                                                                                0x00406e16
                                                                                                                                0x00406e1f
                                                                                                                                0x00000000
                                                                                                                                0x00406e1f
                                                                                                                                0x00000000
                                                                                                                                0x00406dcb
                                                                                                                                0x00000000
                                                                                                                                0x00406c7e

                                                                                                                                APIs
                                                                                                                                • DeleteFileW.KERNEL32(?,?,00000000,74B5FAA0,?), ref: 00406C51
                                                                                                                                • lstrcatW.KERNEL32(00461DC0,\*.*), ref: 00406CA3
                                                                                                                                • lstrcatW.KERNEL32(?,00409AAC), ref: 00406CC4
                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00406CC7
                                                                                                                                • FindFirstFileW.KERNEL32(00461DC0,?), ref: 00406CDE
                                                                                                                                • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?), ref: 00406D98
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00406DAA
                                                                                                                                Strings
                                                                                                                                • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406DCE
                                                                                                                                • Delete: DeleteFile on Reboot("%s"), xrefs: 00406D58
                                                                                                                                • RMDir: RemoveDirectory("%s"), xrefs: 00406DE6
                                                                                                                                • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E07
                                                                                                                                • Delete: DeleteFile failed("%s"), xrefs: 00406D77
                                                                                                                                • \*.*, xrefs: 00406C99
                                                                                                                                • Delete: DeleteFile("%s"), xrefs: 00406D3C
                                                                                                                                • RMDir: RemoveDirectory failed("%s"), xrefs: 00406E26
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                                                                • API String ID: 2035342205-3294556389
                                                                                                                                • Opcode ID: 1ad0edb85afcd017d565ba4eb5641d3943980b0f737b0aa96013f32053bf46b5
                                                                                                                                • Instruction ID: 07ade092aaa00c48d64d90f21c836db83ed6b18898fe5f2c60f287d1462525a5
                                                                                                                                • Opcode Fuzzy Hash: 1ad0edb85afcd017d565ba4eb5641d3943980b0f737b0aa96013f32053bf46b5
                                                                                                                                • Instruction Fuzzy Hash: 3051273120871169E6207B65DC0ABAB37E8DF41368F21453FF843B21D1EA7C996185BF
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 65%
                                                                                                                                			E004024EA(intOrPtr _a4, char _a8, intOrPtr _a16, signed int _a36, void* _a40, void* _a44, signed int _a52, signed int _a56, intOrPtr _a60, intOrPtr _a64, void* _a72, intOrPtr _a128) {
                                                                                                                                				signed int _v0;
                                                                                                                                				intOrPtr _v4;
                                                                                                                                				void* _v12;
                                                                                                                                				intOrPtr* _v16;
                                                                                                                                				intOrPtr* _v24;
                                                                                                                                				void* _v28;
                                                                                                                                				void* _v32;
                                                                                                                                				intOrPtr* _v36;
                                                                                                                                				void* _v40;
                                                                                                                                				void* _v44;
                                                                                                                                				void* _v48;
                                                                                                                                				void* _v60;
                                                                                                                                				intOrPtr _t52;
                                                                                                                                				void* _t58;
                                                                                                                                				intOrPtr _t60;
                                                                                                                                				intOrPtr* _t62;
                                                                                                                                				signed int _t64;
                                                                                                                                				intOrPtr* _t66;
                                                                                                                                				intOrPtr* _t68;
                                                                                                                                				intOrPtr* _t70;
                                                                                                                                				intOrPtr* _t72;
                                                                                                                                				intOrPtr* _t74;
                                                                                                                                				intOrPtr* _t76;
                                                                                                                                				intOrPtr* _t78;
                                                                                                                                				intOrPtr* _t80;
                                                                                                                                				intOrPtr* _t82;
                                                                                                                                				void* _t84;
                                                                                                                                				signed int _t86;
                                                                                                                                				void* _t99;
                                                                                                                                				intOrPtr* _t101;
                                                                                                                                				signed int _t103;
                                                                                                                                				intOrPtr _t107;
                                                                                                                                				void* _t109;
                                                                                                                                				signed int _t112;
                                                                                                                                				void* _t114;
                                                                                                                                
                                                                                                                                				_a60 = E00403312(_t99, 0xfffffff0);
                                                                                                                                				_a16 = E00403312(_t99, 0xffffffdf);
                                                                                                                                				_a56 = E00403312(_t99, 2);
                                                                                                                                				_t107 = E00403312(_t99, 0xffffffcd);
                                                                                                                                				_a128 = _t107;
                                                                                                                                				_t52 = E00403312(_t99, 0x45);
                                                                                                                                				_t86 = _a36;
                                                                                                                                				_a64 = _t52;
                                                                                                                                				_a52 = _t86 & 0x00008000;
                                                                                                                                				_t103 = _t86 & 0x00000fff;
                                                                                                                                				_t112 = _t86 >> 0x0000000c & 0x00000007;
                                                                                                                                				_a56 = _t103;
                                                                                                                                				_v0 = _t86 >> 0x00000010 & 0x0000ffff;
                                                                                                                                				if(E0040730E(_a4) == 0) {
                                                                                                                                					E00403312(__edx, 0x21);
                                                                                                                                				}
                                                                                                                                				E00406AF2(L"CreateShortcut: out: \"%s\", in: \"%s %s\", icon: %s,%d, sw=%d, hk=%d", _a64);
                                                                                                                                				_t114 = _t114 + 0x20;
                                                                                                                                				_t58 = _t114 + 0x20;
                                                                                                                                				__imp__CoCreateInstance(0x40ac84, _t84, 1, 0x40ac64, _t58,  *((intOrPtr*)(_t114 + 0x2c)),  *((intOrPtr*)(_t114 + 0x54)), _t107, _t103, _t112,  *((intOrPtr*)(_t114 + 0x14))); // executed
                                                                                                                                				if(_t58 < 0) {
                                                                                                                                					L16:
                                                                                                                                					_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                					_v4 = 1;
                                                                                                                                					_push(0xfffffff0);
                                                                                                                                				} else {
                                                                                                                                					_t62 =  *((intOrPtr*)(_t114 + 0x20));
                                                                                                                                					_t109 =  *((intOrPtr*)( *_t62))(_t62, 0x40ac74,  &_a8);
                                                                                                                                					if(_t109 >= 0) {
                                                                                                                                						_t66 = _v0;
                                                                                                                                						_t109 =  *((intOrPtr*)( *_t66 + 0x50))(_t66,  *((intOrPtr*)(_t114 + 0x18)));
                                                                                                                                						if( *((intOrPtr*)(_t114 + 0x48)) == _t84) {
                                                                                                                                							_t82 =  *((intOrPtr*)(_t114 + 0x20));
                                                                                                                                							 *((intOrPtr*)( *_t82 + 0x24))(_t82, 0x4d7000);
                                                                                                                                						}
                                                                                                                                						if(_t112 != 0) {
                                                                                                                                							_t80 =  *((intOrPtr*)(_t114 + 0x20));
                                                                                                                                							 *((intOrPtr*)( *_t80 + 0x3c))(_t80, _t112);
                                                                                                                                						}
                                                                                                                                						_t68 =  *((intOrPtr*)(_t114 + 0x20));
                                                                                                                                						 *((intOrPtr*)( *_t68 + 0x34))(_t68,  *((intOrPtr*)(_t114 + 0x14)));
                                                                                                                                						_t101 =  *((intOrPtr*)(_t114 + 0x90));
                                                                                                                                						if( *_t101 != _t84) {
                                                                                                                                							_t78 = _v16;
                                                                                                                                							 *((intOrPtr*)( *_t78 + 0x44))(_t78, _t101,  *((intOrPtr*)(_t114 + 0x4c)));
                                                                                                                                						}
                                                                                                                                						_t70 = _v16;
                                                                                                                                						 *((intOrPtr*)( *_t70 + 0x2c))(_t70,  *((intOrPtr*)(_t114 + 0x44)));
                                                                                                                                						_t72 = _v24;
                                                                                                                                						 *((intOrPtr*)( *_t72 + 0x1c))(_t72,  *((intOrPtr*)(_t114 + 0x54)));
                                                                                                                                						if(_t109 >= 0) {
                                                                                                                                							_t76 = _v36;
                                                                                                                                							_t109 =  *((intOrPtr*)( *_t76 + 0x18))(_t76, _v0, 1);
                                                                                                                                						}
                                                                                                                                						_t74 = _v36;
                                                                                                                                						 *((intOrPtr*)( *_t74 + 8))(_t74);
                                                                                                                                					}
                                                                                                                                					_t64 = _v0;
                                                                                                                                					 *((intOrPtr*)( *_t64 + 8))(_t64);
                                                                                                                                					if(_t109 < 0) {
                                                                                                                                						goto L16;
                                                                                                                                					} else {
                                                                                                                                						_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                						_push(0xfffffff4);
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				E00405F97();
                                                                                                                                				_t60 = _v4;
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t60;
                                                                                                                                				return 0;
                                                                                                                                			}

                                                                                                                                APIs
                                                                                                                                • CoCreateInstance.OLE32(0040AC84,?,00000001,0040AC64,?), ref: 0040259B
                                                                                                                                Strings
                                                                                                                                • CreateShortcut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 0040257A
                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll, xrefs: 0040266C, 00402678
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateInstance
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll$CreateShortcut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                • API String ID: 542301482-1611270331
                                                                                                                                • Opcode ID: ceb5dedd4c106cbdef5196b0dde189e1e2d399738163d5af51556e1b12f3919f
                                                                                                                                • Instruction ID: 375c878db668609493811a4cd5a82bf1f91e341d127366e92dbbdbff3295255c
                                                                                                                                • Opcode Fuzzy Hash: ceb5dedd4c106cbdef5196b0dde189e1e2d399738163d5af51556e1b12f3919f
                                                                                                                                • Instruction Fuzzy Hash: 59515A71608300AFC710DFA4C948E1BBBE9BF89718F10096DF585AB2A1DA79DD01DB56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406A15(WCHAR* _a4) {
                                                                                                                                				void* _t2;
                                                                                                                                
                                                                                                                                				_t2 = FindFirstFileW(_a4, 0x46b1c0); // executed
                                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				FindClose(_t2);
                                                                                                                                				return 0x46b1c0;
                                                                                                                                			}





                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNEL32(00000000,0046B1C0,00000000,00406ABC,00465DC0), ref: 00406A20
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00406A2C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                • Opcode ID: 9d956027aa946b38dcc7963600f46a656794352f15f78ec7de26997ba2028161
                                                                                                                                • Instruction ID: e5102c72230f7fd53e0afc15c91cead83cf4ba49b93e7274b3626797a5d0b882
                                                                                                                                • Opcode Fuzzy Hash: 9d956027aa946b38dcc7963600f46a656794352f15f78ec7de26997ba2028161
                                                                                                                                • Instruction Fuzzy Hash: F9D0C971604130ABD6516A286D0C88B6B589B163703228A32B426F12A0D3788C618A99
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Figure: control-flow graph of the function at 4014fa; legend: Executed / Not Executed]
                                                                                                                                C-Code - Quality: 72%
                                                                                                                                			E004014FA() {
                                                                                                                                				void* _t462;
                                                                                                                                				signed int _t465;
                                                                                                                                				intOrPtr _t466;
                                                                                                                                				signed int _t471;
                                                                                                                                				signed int _t473;
                                                                                                                                				void* _t488;
                                                                                                                                				void* _t489;
                                                                                                                                
                                                                                                                                				_t471 = 7;
                                                                                                                                				 *((intOrPtr*)(_t488 + 0x1c)) =  *0x47621c;
                                                                                                                                				_t462 = memcpy(_t488 + 0x24,  *(_t488 + 0x3e4), _t471 << 2);
                                                                                                                                				_t489 = _t488 + 0xc;
                                                                                                                                				_t473 =  *(_t489 + 0x2c);
                                                                                                                                				 *((intOrPtr*)(_t489 + 0x10)) = 0;
                                                                                                                                				 *((intOrPtr*)(_t489 + 0x4c)) =  *((intOrPtr*)(_t489 + 0x28));
                                                                                                                                				 *0x40c104 = _t489 + 0x28;
                                                                                                                                				_t465 =  *((intOrPtr*)(_t489 + 0x24)) + 0xfffffffe;
                                                                                                                                				 *(_t489 + 0x54) = _t473;
                                                                                                                                				 *((intOrPtr*)(_t489 + 0x40)) = _t462 + (_t473 << 0xe);
                                                                                                                                				if(_t465 > 0x44) {
                                                                                                                                					L404:
                                                                                                                                					_t466 =  *((intOrPtr*)(_t489 + 0x10));
                                                                                                                                					L405:
                                                                                                                                					 *0x47e2e8 =  *0x47e2e8 + _t466;
                                                                                                                                					L406:
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				switch( *((intOrPtr*)(_t465 * 4 +  &M0040318A))) {
                                                                                                                                					case 0:
                                                                                                                                						E00406AF2(L"Jump: %d", _t480);
                                                                                                                                						return  *((intOrPtr*)(_t489 + 0x30));
                                                                                                                                					case 1:
                                                                                                                                						E00403312(__edx, 0) = E00406AF2(L"Aborting: \"%s\"", __eax);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_push(0);
                                                                                                                                						_push( *(__esp + 0x2c));
                                                                                                                                						goto L4;
                                                                                                                                					case 2:
                                                                                                                                						 *0x47620c =  *0x47620c + 1;
                                                                                                                                						__eflags = __edx;
                                                                                                                                						if(__edx != 0) {
                                                                                                                                							PostQuitMessage(0);
                                                                                                                                						}
                                                                                                                                						goto L5;
                                                                                                                                					case 3:
                                                                                                                                						_t17 = E004033D3(__edi) - 1; // -1
                                                                                                                                						__esi = _t17;
                                                                                                                                						__eax = E00406AF2(L"Call: %d", _t17);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_push(0);
                                                                                                                                						return E004013AF(_t17);
                                                                                                                                					case 4:
                                                                                                                                						E00403312(__edx, 0) = E00406AF2(L"DetailPrint: %s", __eax);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_push(0);
                                                                                                                                						_push( *(__esp + 0x2c));
                                                                                                                                						goto L10;
                                                                                                                                					case 5:
                                                                                                                                						__esi = E004032D6(0);
                                                                                                                                						__eax = E00406AF2(L"Sleep(%d)", __esi);
                                                                                                                                						0 = 1;
                                                                                                                                						__eflags = __esi - 1;
                                                                                                                                						__edi =  >  ? __esi : 1;
                                                                                                                                						Sleep( >  ? __esi : 1);
                                                                                                                                						goto L404;
                                                                                                                                					case 6:
                                                                                                                                						_push(L"BringToFront");
                                                                                                                                						__eax = E00406AF2();
                                                                                                                                						__eax =  *(__esp + 0x20);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						__eax = SetForegroundWindow(__eax);
                                                                                                                                						goto L404;
                                                                                                                                					case 7:
                                                                                                                                						__eax =  *0x476204;
                                                                                                                                						__esi = ShowWindow;
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eax = ShowWindow(__eax, __ecx);
                                                                                                                                							__edi =  *(__esp + 0x28);
                                                                                                                                						}
                                                                                                                                						__eax =  *0x476208;
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eax = ShowWindow(__eax, __edi);
                                                                                                                                						}
                                                                                                                                						goto L404;
                                                                                                                                					case 8:
                                                                                                                                						__eax = E00403312(__edx, 0xfffffff0);
                                                                                                                                						_push( *(__esp + 0x2c));
                                                                                                                                						__esi = __eax;
                                                                                                                                						__eax = E00406AF2(L"SetFileAttributes: \"%s\":%08X", __esi);
                                                                                                                                						__eax = SetFileAttributesW(__esi,  *(__esp + 0x2c));
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							goto L404;
                                                                                                                                						} else {
                                                                                                                                							_push(L"SetFileAttributes failed.");
                                                                                                                                							goto L28;
                                                                                                                                						}
                                                                                                                                					case 9:
                                                                                                                                						__eax = E00403312(__edx, 0xfffffff0);
                                                                                                                                						_push( *(__esp + 0x2c));
                                                                                                                                						__esi = __eax;
                                                                                                                                						__eax = E00406AF2(L"CreateDirectory: \"%s\" (%d)", __esi);
                                                                                                                                						0 = E00407123(__esi);
                                                                                                                                						__eflags = __edi;
                                                                                                                                						if(__edi == 0) {
                                                                                                                                							L45:
                                                                                                                                							__eflags =  *(__esp + 0x2c);
                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                							if(__eflags == 0) {
                                                                                                                                								_push(0xfffffff5);
                                                                                                                                								goto L10;
                                                                                                                                							}
                                                                                                                                							_push(0xffffffe6);
                                                                                                                                							E00405F97() = E0040708C(0x4d7000, __esi);
                                                                                                                                							__eax = SetCurrentDirectoryW(__esi); // executed
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								goto L404;
                                                                                                                                							} else {
                                                                                                                                								_push(GetLastError());
                                                                                                                                								E00406AF2(L"SetCurrentDirectory(%s) failed (%d)", __esi) =  *(__esp + 0x1c);
                                                                                                                                								__eax =  &( *(__esp + 0x1c)->i);
                                                                                                                                								goto L405;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							goto L32;
                                                                                                                                						}
                                                                                                                                						do {
                                                                                                                                							L32:
                                                                                                                                							0 = E00406A3C(__edi, 0x5c);
                                                                                                                                							__eax = 0;
                                                                                                                                							__ebx =  *__edi & 0x0000ffff;
                                                                                                                                							 *__edi = __ax;
                                                                                                                                							__eflags = __bx;
                                                                                                                                							if(__bx != 0) {
                                                                                                                                								L36:
                                                                                                                                								__eax = E0040607B(__esi);
                                                                                                                                								L37:
                                                                                                                                								__eflags = __eax;
                                                                                                                                								if(__eax == 0) {
                                                                                                                                									__eax = E00406AF2(L"CreateDirectory: \"%s\" created", __esi);
                                                                                                                                									L43:
                                                                                                                                									_pop(__ecx);
                                                                                                                                									_pop(__ecx);
                                                                                                                                									goto L44;
                                                                                                                                								}
                                                                                                                                								__eflags = __eax - 0xb7;
                                                                                                                                								if(__eax == 0xb7) {
                                                                                                                                									__eax = GetFileAttributesW(__esi); // executed
                                                                                                                                									__eflags = __al & 0x00000010;
                                                                                                                                									if((__al & 0x00000010) != 0) {
                                                                                                                                										goto L44;
                                                                                                                                									} else {
                                                                                                                                										__eax = E00406AF2(L"CreateDirectory: can\'t create \"%s\" - a file already exists", __esi);
                                                                                                                                										 *(__esp + 0x18) =  &(( *(__esp + 0x18))[0]);
                                                                                                                                										goto L43;
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									_push(__eax);
                                                                                                                                									__eax = E00406AF2(L"CreateDirectory: can\'t create \"%s\" (err=%d)", __esi);
                                                                                                                                									 *(__esp + 0x10) =  *(__esp + 0x10) + 1;
                                                                                                                                									goto L44;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							__eflags =  *(__esp + 0x30);
                                                                                                                                							if( *(__esp + 0x30) == 0) {
                                                                                                                                								goto L36;
                                                                                                                                							}
                                                                                                                                							__eax = E004067A3();
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax == 0) {
                                                                                                                                								goto L36;
                                                                                                                                							} else {
                                                                                                                                								__eax = E0040609B(__esi); // executed
                                                                                                                                								goto L37;
                                                                                                                                							}
                                                                                                                                							L44:
                                                                                                                                							 *__edi = __bx;
                                                                                                                                							__edi = __edi + 2;
                                                                                                                                							__eflags = __bx;
                                                                                                                                						} while (__bx != 0);
                                                                                                                                						goto L45;
                                                                                                                                					case 0xa:
                                                                                                                                						__esi = E00403312(__edx, 0);
                                                                                                                                						__eax = E00406A15(__eax);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							_push( *(__esp + 0x2c));
                                                                                                                                							E00406AF2(L"IfFileExists: file \"%s\" exists, jumping %d", __esi) =  *(__esp + 0x38);
                                                                                                                                							return  *(__esp + 0x38);
                                                                                                                                						}
                                                                                                                                						_push( *(__esp + 0x30));
                                                                                                                                						__eax = E00406AF2(L"IfFileExists: file \"%s\" does not exist, jumping %d", __esi);
                                                                                                                                						goto L52;
                                                                                                                                					case 0xb:
                                                                                                                                						__eflags =  *(__esp + 0x30);
                                                                                                                                						if( *(__esp + 0x30) != 0) {
                                                                                                                                							__eax =  *(0x47e2a0 + __edi * 4);
                                                                                                                                							 *(0x47e2e0 + __edi * 4) =  *(0x47e2a0 + __edi * 4);
                                                                                                                                							goto L404;
                                                                                                                                						} else {
                                                                                                                                							__eax =  *(0x47e2e0 + __edi * 4);
                                                                                                                                							 *(0x47e2a0 + __edi * 4) =  *(0x47e2e0 + __edi * 4);
                                                                                                                                							__ecx = E004032D6(1);
                                                                                                                                							__eax =  *(__esp + 0x2c);
                                                                                                                                							_push(__ecx);
                                                                                                                                							_push(__eax);
                                                                                                                                							_push(L"SetFlag: %d=%d");
                                                                                                                                							 *(0x47e2e0 + __eax * 4) = __ecx;
                                                                                                                                							goto L15;
                                                                                                                                						}
                                                                                                                                					case 0xc:
                                                                                                                                						__edx =  *(__esp + 0x30);
                                                                                                                                						__eax = 0;
                                                                                                                                						_push(4);
                                                                                                                                						_pop(__esi);
                                                                                                                                						__ecx =  *(0x47e2e0 + __edx * 4);
                                                                                                                                						__eflags = __ecx;
                                                                                                                                						__eax =  ==  ? __esi : 0;
                                                                                                                                						 *(0x47e2e0 + __edx * 4) = __ecx;
                                                                                                                                						__eax =  *(__esp +  &(( ==  ? __esi : 0)[0x14]));
                                                                                                                                						return  *(__esp +  &(( ==  ? __esi : 0)[0x14]));
                                                                                                                                					case 0xd:
                                                                                                                                						_push( *((intOrPtr*)(0x47e2e0 + __ecx * 4)));
                                                                                                                                						goto L20;
                                                                                                                                					case 0xe:
                                                                                                                                						0 = E00403312(__edx, 0xffffffd0);
                                                                                                                                						__ebx = E00403312(__edx, 0xffffffdf);
                                                                                                                                						__esi = E00403312(__edx, 0x13);
                                                                                                                                						__eax = E00406AF2(L"Rename: %s", __esi);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						__eax = MoveFileW(__edi, __ebx);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							__eflags =  *(__esp + 0x30);
                                                                                                                                							if( *(__esp + 0x30) == 0) {
                                                                                                                                								L60:
                                                                                                                                								_push(__esi);
                                                                                                                                								_push(L"Rename failed: %s");
                                                                                                                                								goto L61;
                                                                                                                                							}
                                                                                                                                							__eax = E00406A15(__edi);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax == 0) {
                                                                                                                                								goto L60;
                                                                                                                                							}
                                                                                                                                							E004064E0(__edi, __ebx) = E00405F97(0xffffffe4, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                							_push(__esi);
                                                                                                                                							_push(L"Rename on reboot: %s");
                                                                                                                                							goto L58;
                                                                                                                                						}
                                                                                                                                						_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                						_push(0xffffffe3);
                                                                                                                                						goto L10;
                                                                                                                                					case 0xf:
                                                                                                                                						0 = E00403312(__edx, 0);
                                                                                                                                						__ebp = 0x2000;
                                                                                                                                						__eax = __esp + 0x14;
                                                                                                                                						__eax = GetFullPathNameW(__edi, 0x2000, __esi, __esp + 0x14);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eax =  *(__esp + 0x14);
                                                                                                                                							__eflags = __eax - __edi;
                                                                                                                                							if(__eax <= __edi) {
                                                                                                                                								L68:
                                                                                                                                								__eax =  *(__esp + 0x10);
                                                                                                                                								L69:
                                                                                                                                								__eflags =  *(__esp + 0x30) - __ebx;
                                                                                                                                								if( *(__esp + 0x30) != __ebx) {
                                                                                                                                									goto L405;
                                                                                                                                								}
                                                                                                                                								__eax = GetShortPathNameW(__esi, __esi, __ebp);
                                                                                                                                								goto L404;
                                                                                                                                							}
                                                                                                                                							__eflags =  *__eax - __bx;
                                                                                                                                							if( *__eax == __bx) {
                                                                                                                                								goto L68;
                                                                                                                                							}
                                                                                                                                							__eax = E00406A15(__edi);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax == 0) {
                                                                                                                                								goto L63;
                                                                                                                                							}
                                                                                                                                							__eflags = 0;
                                                                                                                                							__eax = E0040708C( *(__esp + 0x18), __eax);
                                                                                                                                							goto L68;
                                                                                                                                						}
                                                                                                                                						L63:
                                                                                                                                						0 = 1;
                                                                                                                                						__ecx = 0;
                                                                                                                                						 *(__esp + 0x10) = 1;
                                                                                                                                						 *__esi = __cx;
                                                                                                                                						goto L69;
                                                                                                                                					case 0x10:
                                                                                                                                						__eax = E00403312(__edx, 0xffffffff);
                                                                                                                                						__ecx = __esp + 0x54;
                                                                                                                                						__eax = SearchPathW(0, __eax, 0, 0x2000, __ebp, __esp + 0x54);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						goto L72;
                                                                                                                                					case 0x11:
                                                                                                                                						__eax = E00403312(__edx, 0xffffffef);
                                                                                                                                						__eax = E00406FC4(__ecx, __ebp, __eax); // executed
                                                                                                                                						goto L74;
                                                                                                                                					case 0x12:
                                                                                                                                						__eax = E00403312(__edx, 0x31);
                                                                                                                                						__ecx =  *(__esp + 0x28);
                                                                                                                                						__ebp = __eax;
                                                                                                                                						__esi = __ecx;
                                                                                                                                						 *(__esp + 0x14) = __ebp;
                                                                                                                                						__ecx = __ecx >> 3;
                                                                                                                                						__esi = __esi & 0x00000007;
                                                                                                                                						_push(__ebp);
                                                                                                                                						_push(__ecx);
                                                                                                                                						__eax = E00406AF2(L"File: overwriteflag=%d, allowskipfilesflag=%d, name=\"%s\"", __esi);
                                                                                                                                						__eax = E0040730E(__ebp);
                                                                                                                                						_push(__ebp);
                                                                                                                                						__ebp = L"Call";
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							__eax = E0040708C(__ebp, 0x4d7000);
                                                                                                                                							0 = lstrcatW(0, ??);
                                                                                                                                						} else {
                                                                                                                                							_push(__ebp);
                                                                                                                                							__eax = E0040708C();
                                                                                                                                						}
                                                                                                                                						__eax = E00407252(__ebp);
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						__eflags = 1;
                                                                                                                                						while(1) {
                                                                                                                                							__eflags = __esi - 3;
                                                                                                                                							if(__esi >= 3) {
                                                                                                                                								__eax = E00406A15(__ebp);
                                                                                                                                								__ecx = __ebx;
                                                                                                                                								__eflags = __eax;
                                                                                                                                								if(__eax != 0) {
                                                                                                                                									__ecx = __esp + 0x34;
                                                                                                                                									__eax =  &(__eax[0xa]);
                                                                                                                                									__eflags = __eax;
                                                                                                                                									__ecx = 0;
                                                                                                                                								}
                                                                                                                                								__esi = __esi + 0xfffffffd;
                                                                                                                                								__esi = __esi | 0x80000000;
                                                                                                                                								__esi = __esi & __ecx;
                                                                                                                                								__esi =  ~__esi;
                                                                                                                                								asm("sbb esi, esi");
                                                                                                                                								__esi = __esi + 1;
                                                                                                                                								__eflags = __esi;
                                                                                                                                							}
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi == 0) {
                                                                                                                                								__eax = E004070FB(__ebp);
                                                                                                                                							}
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags = __esi - __edi;
                                                                                                                                							0 | __eflags != 0x00000000 = (__eflags != 0) + 1;
                                                                                                                                							__eax = E00406E83(__ebp, 0x40000000, (__eflags != 0) + 1);
                                                                                                                                							 *(__esp + 0x18) = __eax;
                                                                                                                                							__eflags = __eax - 0xffffffff;
                                                                                                                                							if(__eax != 0xffffffff) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi != 0) {
                                                                                                                                								__edi =  *(__esp + 0x14);
                                                                                                                                								__eax = E00405F97(0xffffffe2,  *(__esp + 0x14));
                                                                                                                                								_push(__esi);
                                                                                                                                								__eax = E00406AF2(L"File: skipped: \"%s\" (overwriteflag=%d)", __ebp);
                                                                                                                                								__eax = 0;
                                                                                                                                								__eflags = __esi - 2;
                                                                                                                                								goto L94;
                                                                                                                                							}
                                                                                                                                							__eax = E00406AF2(L"File: error creating \"%s\"", __ebp);
                                                                                                                                							_pop(__ecx);
                                                                                                                                							_pop(__ecx);
                                                                                                                                							E0040708C("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp", 0x47f000) = E0040708C(0x47f000, __ebp);
                                                                                                                                							E00406119("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll",  *(__esp + 0x3c)) = E0040708C(0x47f000, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp");
                                                                                                                                							 *(__esp + 0x28) =  *(__esp + 0x28) >> 3;
                                                                                                                                							__eax = E0040701A("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll",  *(__esp + 0x28) >> 3);
                                                                                                                                							__eax = __eax - 4;
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								__eax = __eax - 1;
                                                                                                                                								__eflags = __eax;
                                                                                                                                								if(__eax == 0) {
                                                                                                                                									_push(L"File: error, user cancel");
                                                                                                                                									__eax = E00406AF2();
                                                                                                                                									 *0x47e2e8 =  *0x47e2e8 + 1;
                                                                                                                                									_pop(__ecx);
                                                                                                                                									goto L406;
                                                                                                                                								}
                                                                                                                                								_push(L"File: error, user abort");
                                                                                                                                								__eax = E00406AF2();
                                                                                                                                								_pop(__ecx);
                                                                                                                                								_push(__ebp);
                                                                                                                                								_push(0xfffffffa);
                                                                                                                                								L4:
                                                                                                                                								__eax = E00405F97();
                                                                                                                                								goto L5;
                                                                                                                                							}
                                                                                                                                							_push(L"File: error, user retry");
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							_pop(__ecx);
                                                                                                                                						}
                                                                                                                                						__edi =  *(__esp + 0x14);
                                                                                                                                						__eax = E00405F97(0xffffffea, __edi);
                                                                                                                                						 *0x47e314 =  *0x47e314 + 1;
                                                                                                                                						__eax = E0040342F( *(__esp + 0x3c),  *(__esp + 0x20), __ebx, __ebx);
                                                                                                                                						 *0x47e314 =  *0x47e314 - 1;
                                                                                                                                						__esi = __eax;
                                                                                                                                						_push(__ebp);
                                                                                                                                						__eax = E00406AF2(L"File: wrote %d to \"%s\"", __esi);
                                                                                                                                						__eflags =  *(__esp + 0x34) - 0xffffffff;
                                                                                                                                						if( *(__esp + 0x34) != 0xffffffff) {
                                                                                                                                							L97:
                                                                                                                                							__esp + 0x34 = SetFileTime( *(__esp + 0x24), __esp + 0x34, __ebx, __esp + 0x34); // executed
                                                                                                                                							L98:
                                                                                                                                							__eax = FindCloseChangeNotification( *(__esp + 0x18)); // executed
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi >= 0) {
                                                                                                                                								goto L404;
                                                                                                                                							}
                                                                                                                                							__eflags = __esi - 0xfffffffe;
                                                                                                                                							if(__esi != 0xfffffffe) {
                                                                                                                                								__eax = E00406119(__ebp, 0xffffffee);
                                                                                                                                							} else {
                                                                                                                                								E00406119(__ebp, 0xffffffe9) = lstrcatW(__ebp, 0);
                                                                                                                                							}
                                                                                                                                							__eax = E00406AF2(L"%s", __ebp);
                                                                                                                                							_pop(__ecx);
                                                                                                                                							_pop(__ecx);
                                                                                                                                							_push(0x200010);
                                                                                                                                							_push(__ebp);
                                                                                                                                							goto L103;
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x38) - 0xffffffff;
                                                                                                                                						if( *(__esp + 0x38) == 0xffffffff) {
                                                                                                                                							goto L98;
                                                                                                                                						}
                                                                                                                                						goto L97;
                                                                                                                                					case 0x13:
                                                                                                                                						__eax = E00403312(__edx, 0);
                                                                                                                                						__esi = __eax;
                                                                                                                                						_push(__eax);
                                                                                                                                						_push(L"Delete: \"%s\"");
                                                                                                                                						goto L105;
                                                                                                                                					case 0x14:
                                                                                                                                						__eax = E00403312(__edx, 0x31);
                                                                                                                                						__esi = __eax;
                                                                                                                                						_push(__eax);
                                                                                                                                						__eax = E00406AF2(L"MessageBox: %d,\"%s\"",  *(__esp + 0x2c));
                                                                                                                                						__eax = E0040701A(__esi,  *(__esp + 0x28));
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						__eflags = __eax -  *(__esp + 0x30);
                                                                                                                                						if(__eax !=  *(__esp + 0x30)) {
                                                                                                                                							__eflags = __eax -  *(__esp + 0x38);
                                                                                                                                							if(__eax !=  *(__esp + 0x38)) {
                                                                                                                                								goto L404;
                                                                                                                                							}
                                                                                                                                							__eax =  *(__esp + 0x3c);
                                                                                                                                							return  *(__esp + 0x3c);
                                                                                                                                						}
                                                                                                                                						goto L108;
                                                                                                                                					case 0x15:
                                                                                                                                						__eax = E00403312(__edx, 0xfffffff0);
                                                                                                                                						__esi = __eax;
                                                                                                                                						_push(__eax);
                                                                                                                                						_push(L"RMDir: \"%s\"");
                                                                                                                                						L105:
                                                                                                                                						__eax = E00406AF2();
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						__eax = E00406C25(__eflags, __esi,  *(__esp + 0x2c));
                                                                                                                                						goto L404;
                                                                                                                                					case 0x16:
                                                                                                                                						__eax = E00403312(__edx, 1);
                                                                                                                                						__eax = lstrlenW(__eax);
                                                                                                                                						goto L113;
                                                                                                                                					case 0x17:
                                                                                                                                						__ebx = E004032D6(2);
                                                                                                                                						__esi = __edx;
                                                                                                                                						0 = E004032D6(3);
                                                                                                                                						__eax = E00403312(__edx, 1);
                                                                                                                                						 *(__esp + 0x4c) = __eax;
                                                                                                                                						__eax = lstrlenW(__eax);
                                                                                                                                						__ecx = 0;
                                                                                                                                						__eflags = __esi;
                                                                                                                                						 *__ebp = __cx;
                                                                                                                                						__ebx =  ==  ? __eax : __ebx;
                                                                                                                                						__eflags = __ebx;
                                                                                                                                						if(__ebx == 0) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__eflags = __edi;
                                                                                                                                						if(__edi >= 0) {
                                                                                                                                							L117:
                                                                                                                                							__eflags = __edi - __eax;
                                                                                                                                							__edi =  >  ? __eax : __edi;
                                                                                                                                							 *(__esp + 0x48) =  *(__esp + 0x48);
                                                                                                                                							__eax = E0040708C(__ebp,  *(__esp + 0x48));
                                                                                                                                							__eflags = __ebx;
                                                                                                                                							if(__ebx < 0) {
                                                                                                                                								__ebx = __ebx + lstrlenW(__ebp);
                                                                                                                                								__eflags = __ebx;
                                                                                                                                							}
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags = __ebx;
                                                                                                                                							__eax =  >=  ? __ebx : 0;
                                                                                                                                							__eflags = __eax - 0x2000;
                                                                                                                                							if(__eax < 0x2000) {
                                                                                                                                								__ecx = 0;
                                                                                                                                								__ebp[__eax] = __cx;
                                                                                                                                							}
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__edi = __edi + __eax;
                                                                                                                                						__eflags = __edi;
                                                                                                                                						if(__edi < 0) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						goto L117;
                                                                                                                                					case 0x18:
                                                                                                                                						__esi = E00403312(__edx, 0x20);
                                                                                                                                						_push(E00403312(__edx, 0x31));
                                                                                                                                						_push(__esi);
                                                                                                                                						__eflags =  *(__esp + 0x40);
                                                                                                                                						if( *(__esp + 0x40) != 0) {
                                                                                                                                							__eax = lstrcmpW();
                                                                                                                                						} else {
                                                                                                                                							__eax = lstrcmpiW();
                                                                                                                                						}
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							goto L108;
                                                                                                                                						} else {
                                                                                                                                							goto L52;
                                                                                                                                						}
                                                                                                                                					case 0x19:
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						__eflags = 1;
                                                                                                                                						__eax = E00403312(__edx, 1);
                                                                                                                                						_push(0x2000);
                                                                                                                                						__esi = __eax;
                                                                                                                                						__eax = ExpandEnvironmentStringsW(__esi, __ebp, ??);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							L130:
                                                                                                                                							__ecx = 0;
                                                                                                                                							__eax = __edi;
                                                                                                                                							 *__ebp = __cx;
                                                                                                                                							goto L132;
                                                                                                                                						} else {
                                                                                                                                							__eflags =  *(__esp + 0x30);
                                                                                                                                							if( *(__esp + 0x30) == 0) {
                                                                                                                                								L131:
                                                                                                                                								__eax =  *(__esp + 0x10);
                                                                                                                                								L132:
                                                                                                                                								__ecx = 0;
                                                                                                                                								__ebp[0x1fff] = __cx;
                                                                                                                                								goto L405;
                                                                                                                                							}
                                                                                                                                							__eax = lstrcmpW(__esi, __ebp);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								goto L131;
                                                                                                                                							}
                                                                                                                                							goto L130;
                                                                                                                                						}
                                                                                                                                					case 0x1a:
                                                                                                                                						__esi =  *(__esp + 0x3c);
                                                                                                                                						0 = E004032D6(0);
                                                                                                                                						__eax = E004032D6(1);
                                                                                                                                						__eflags = __esi;
                                                                                                                                						if(__esi != 0) {
                                                                                                                                							__eflags = __edi - __eax;
                                                                                                                                							if(__eflags < 0) {
                                                                                                                                								L108:
                                                                                                                                								__eax =  *(__esp + 0x34);
                                                                                                                                								return  *(__esp + 0x34);
                                                                                                                                							}
                                                                                                                                							if(__eflags <= 0) {
                                                                                                                                								L52:
                                                                                                                                								__eax =  *(__esp + 0x30);
                                                                                                                                								return  *(__esp + 0x30);
                                                                                                                                							}
                                                                                                                                							L136:
                                                                                                                                							__eax =  *(__esp + 0x38);
                                                                                                                                							return  *(__esp + 0x38);
                                                                                                                                						}
                                                                                                                                						__eflags = __edi - __eax;
                                                                                                                                						if(__eflags < 0) {
                                                                                                                                							goto L108;
                                                                                                                                						}
                                                                                                                                						if(__eflags <= 0) {
                                                                                                                                							goto L52;
                                                                                                                                						}
                                                                                                                                						goto L136;
                                                                                                                                					case 0x1b:
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						__esi = E004032D6(1);
                                                                                                                                						__ecx = E004032D6(2);
                                                                                                                                						__eax =  *(__esp + 0x34);
                                                                                                                                						__eflags = __eax - 0xd;
                                                                                                                                						if(__eax > 0xd) {
                                                                                                                                							L163:
                                                                                                                                							_push(__esi);
                                                                                                                                							goto L20;
                                                                                                                                						}
                                                                                                                                						switch( *((intOrPtr*)(__eax * 4 +  &M0040329E))) {
                                                                                                                                							case 0:
                                                                                                                                								__esi = __esi + __ecx;
                                                                                                                                								goto L163;
                                                                                                                                							case 1:
                                                                                                                                								__esi = __esi - __ecx;
                                                                                                                                								goto L163;
                                                                                                                                							case 2:
                                                                                                                                								__esi = __esi * __ecx;
                                                                                                                                								goto L163;
                                                                                                                                							case 3:
                                                                                                                                								__eflags = __ecx;
                                                                                                                                								if(__ecx == 0) {
                                                                                                                                									goto L147;
                                                                                                                                								}
                                                                                                                                								__eax = __esi;
                                                                                                                                								asm("cdq");
                                                                                                                                								_t109 = __eax % __ecx;
                                                                                                                                								__eax = __eax / __ecx;
                                                                                                                                								__edx = _t109;
                                                                                                                                								__esi = __eax;
                                                                                                                                								goto L148;
                                                                                                                                							case 4:
                                                                                                                                								__esi = __esi | __ecx;
                                                                                                                                								goto L163;
                                                                                                                                							case 5:
                                                                                                                                								__esi = __esi & __ecx;
                                                                                                                                								goto L163;
                                                                                                                                							case 6:
                                                                                                                                								__esi = __esi ^ __ecx;
                                                                                                                                								goto L163;
                                                                                                                                							case 7:
                                                                                                                                								__eax = 0;
                                                                                                                                								__eflags = __esi;
                                                                                                                                								__eax = 0 | __eflags == 0x00000000;
                                                                                                                                								__esi = __eflags == 0;
                                                                                                                                								goto L163;
                                                                                                                                							case 8:
                                                                                                                                								__eflags = __esi;
                                                                                                                                								if(__esi != 0) {
                                                                                                                                									goto L155;
                                                                                                                                								}
                                                                                                                                								goto L154;
                                                                                                                                							case 9:
                                                                                                                                								__eflags = __esi;
                                                                                                                                								if(__esi != 0) {
                                                                                                                                									L154:
                                                                                                                                									__eflags = __ecx;
                                                                                                                                									if(__ecx == 0) {
                                                                                                                                										goto L157;
                                                                                                                                									}
                                                                                                                                									L155:
                                                                                                                                									__esi = __edi;
                                                                                                                                									goto L163;
                                                                                                                                								}
                                                                                                                                								L157:
                                                                                                                                								__esi = __ebx;
                                                                                                                                								goto L163;
                                                                                                                                							case 0xa:
                                                                                                                                								__eflags = __ecx;
                                                                                                                                								if(__ecx == 0) {
                                                                                                                                									L147:
                                                                                                                                									__esi = __ebx;
                                                                                                                                									L148:
                                                                                                                                									__eax = 0;
                                                                                                                                									__eflags = __ecx;
                                                                                                                                									__eax = 0 | __eflags == 0x00000000;
                                                                                                                                									 *(__esp + 0x10) = __eflags == 0;
                                                                                                                                									goto L163;
                                                                                                                                								}
                                                                                                                                								__eax = __esi;
                                                                                                                                								asm("cdq");
                                                                                                                                								_t118 = __eax % __ecx;
                                                                                                                                								__eax = __eax / __ecx;
                                                                                                                                								__edx = _t118;
                                                                                                                                								__esi = _t118;
                                                                                                                                								goto L148;
                                                                                                                                							case 0xb:
                                                                                                                                								__esi = __esi << __cl;
                                                                                                                                								goto L163;
                                                                                                                                							case 0xc:
                                                                                                                                								__esi = __esi >> __cl;
                                                                                                                                								goto L163;
                                                                                                                                							case 0xd:
                                                                                                                                								__esi = __esi >> __cl;
                                                                                                                                								__eflags = __esi;
                                                                                                                                								goto L163;
                                                                                                                                						}
                                                                                                                                					case 0x1c:
                                                                                                                                						__esi = E00403312(__edx, 1);
                                                                                                                                						E004032D6(2) = wsprintfW(__ebp, __esi, __eax);
                                                                                                                                						goto L16;
                                                                                                                                					case 0x1d:
                                                                                                                                						__edx =  *(__esp + 0x30);
                                                                                                                                						__eax = __edx;
                                                                                                                                						__esi =  *0x40c100; // 0x9f5018
                                                                                                                                						__eflags = __edx;
                                                                                                                                						if(__edx == 0) {
                                                                                                                                							__eflags = __ecx;
                                                                                                                                							if(__ecx == 0) {
                                                                                                                                								__eax = GlobalAlloc(0x40, 0x4004); // executed
                                                                                                                                								__esi = __eax;
                                                                                                                                								_t124 = __esi + 4; // 0x4
                                                                                                                                								_t124 = E00406119(_t124,  *(__esp + 0x28));
                                                                                                                                								__eax =  *0x40c100; // 0x9f5018
                                                                                                                                								 *__esi = __eax;
                                                                                                                                								 *0x40c100 = __esi;
                                                                                                                                								goto L404;
                                                                                                                                							}
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi != 0) {
                                                                                                                                								_t122 = __esi + 4; // 0x9f501c
                                                                                                                                								_t122 = E0040708C(__ebp, _t122);
                                                                                                                                								__eax =  *__esi;
                                                                                                                                								 *0x40c100 =  *__esi;
                                                                                                                                								_push(__esi); // executed
                                                                                                                                								goto L177;
                                                                                                                                							}
                                                                                                                                							_push(L"Pop: stack empty");
                                                                                                                                							L28:
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							goto L29;
                                                                                                                                						} else {
                                                                                                                                							goto L166;
                                                                                                                                						}
                                                                                                                                						while(1) {
                                                                                                                                							L166:
                                                                                                                                							__eax = __eax - 1;
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi == 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							__esi =  *__esi;
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi == 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							__esi = __esi + 4;
                                                                                                                                							__ebp = L"Call";
                                                                                                                                							__eax = E0040708C(__ebp, __esi);
                                                                                                                                							__eax =  *0x40c100; // 0x9f5018
                                                                                                                                							__eax = E0040708C(__esi, __eax);
                                                                                                                                							__eax =  *0x40c100; // 0x9f5018
                                                                                                                                							_push(__ebp);
                                                                                                                                							__eax =  &(__eax[2]);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							_push(__eax);
                                                                                                                                							goto L170;
                                                                                                                                						}
                                                                                                                                						__eax = E00406AF2(L"Exch: stack < %d elements", __edx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						goto L172;
                                                                                                                                					case 0x1e:
                                                                                                                                						__esi = E004032D6(3);
                                                                                                                                						 *(__esp + 0x1c) = __esi;
                                                                                                                                						0 = E004032D6(4);
                                                                                                                                						__eax =  *(__esp + 0x44);
                                                                                                                                						__eflags = __al & 0x00000001;
                                                                                                                                						if((__al & 0x00000001) != 0) {
                                                                                                                                							__eax = E00403312(__edx, 0x33);
                                                                                                                                							__esi = __eax;
                                                                                                                                							 *(__esp + 0x14) = __eax;
                                                                                                                                							__eax =  *(__esp + 0x3c);
                                                                                                                                						}
                                                                                                                                						__eflags = __al & 0x00000002;
                                                                                                                                						if((__al & 0x00000002) != 0) {
                                                                                                                                							0 = E00403312(__edx, 0x44);
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x24) - 0x21;
                                                                                                                                						_push(1);
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							__esi = E00403312(__edx);
                                                                                                                                							__eax = E00403312(__edx);
                                                                                                                                							__ecx = 0;
                                                                                                                                							__eflags =  *__eax - __bx;
                                                                                                                                							 !=  ? __eax : 0 = 0;
                                                                                                                                							__eflags =  *__esi - __bx;
                                                                                                                                							__ecx =  !=  ? __esi : 0;
                                                                                                                                							__eax = FindWindowExW( *(__esp + 0x20), __edi,  !=  ? __esi : 0,  !=  ? __eax : 0); // executed
                                                                                                                                							goto L188;
                                                                                                                                						} else {
                                                                                                                                							 *(__esp + 0x1c) = E004032D6();
                                                                                                                                							__eax = E004032D6(2);
                                                                                                                                							__ecx =  *(__esp + 0x3c);
                                                                                                                                							__ecx =  *(__esp + 0x3c) >> 2;
                                                                                                                                							__eflags = __ecx;
                                                                                                                                							if(__ecx == 0) {
                                                                                                                                								__eax = SendMessageW( *(__esp + 0x20), __eax, __esi, __edi); // executed
                                                                                                                                								L188:
                                                                                                                                								__ecx = __eax;
                                                                                                                                								__eax =  *(__esp + 0x10);
                                                                                                                                								 *(__esp + 0x18) = __ecx;
                                                                                                                                								L189:
                                                                                                                                								__eflags =  *(__esp + 0x28) - __ebx;
                                                                                                                                								if( *(__esp + 0x28) < __ebx) {
                                                                                                                                									goto L405;
                                                                                                                                								}
                                                                                                                                								_push(__ecx);
                                                                                                                                								goto L20;
                                                                                                                                							}
                                                                                                                                							__edx = __esp + 0x18;
                                                                                                                                							__eax = SendMessageTimeoutW( *(__esp + 0x2c), __eax, __esi, __edi, __ebx, __ecx, __esp + 0x18);
                                                                                                                                							__ecx =  *(__esp + 0x18);
                                                                                                                                							__eax =  ~__eax;
                                                                                                                                							asm("sbb eax, eax");
                                                                                                                                							 *(__esp + 0x10) = __eax;
                                                                                                                                							goto L189;
                                                                                                                                						}
                                                                                                                                					case 0x1f:
                                                                                                                                						__eax = E004032D6(0);
                                                                                                                                						__eax = IsWindow(__eax);
                                                                                                                                						__ecx =  *(__esp + 0x30);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						__ecx =  !=  ?  *(__esp + 0x2c) :  *(__esp + 0x30);
                                                                                                                                						__eax =  !=  ?  *(__esp + 0x2c) :  *(__esp + 0x30);
                                                                                                                                						return  !=  ?  *(__esp + 0x2c) :  *(__esp + 0x30);
                                                                                                                                					case 0x20:
                                                                                                                                						__esi = E004032D6(2);
                                                                                                                                						__eax = E004032D6(1);
                                                                                                                                						__eax = GetDlgItem(__eax, __esi);
                                                                                                                                						goto L113;
                                                                                                                                					case 0x21:
                                                                                                                                						__esi =  *0x47e268;
                                                                                                                                						__esi =  *0x47e268 + __ecx;
                                                                                                                                						E004032D6(0) = SetWindowLongW(__eax, 0xffffffeb, __esi);
                                                                                                                                						goto L404;
                                                                                                                                					case 0x22:
                                                                                                                                						__esi = GetDlgItem(__edx, __ecx);
                                                                                                                                						__esp + 0x54 = GetClientRect(__esi, __esp + 0x54);
                                                                                                                                						 *(__esp + 0x60) =  *(__esp + 0x60) *  *(__esp + 0x30);
                                                                                                                                						 *(__esp + 0x5c) =  *(__esp + 0x5c) *  *(__esp + 0x30);
                                                                                                                                						__eax = E00403312(__edx, 0);
                                                                                                                                						__eax = LoadImageW(0, __eax, 0, __eax, __ecx, 0x10); // executed
                                                                                                                                						__eax = SendMessageW(__esi, 0x172, 0, __eax); // executed
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eax = DeleteObject(__eax);
                                                                                                                                						}
                                                                                                                                						goto L404;
                                                                                                                                					case 0x23:
                                                                                                                                						0 = GetDC(__edx);
                                                                                                                                						__esi = E004032D6(2);
                                                                                                                                						__eax = GetDeviceCaps(__edi, 0x5a);
                                                                                                                                						__eax = MulDiv(__esi, __eax, 0x48);
                                                                                                                                						0x420108->lfHeight = __eax;
                                                                                                                                						 *(__esp + 0x1c) = ReleaseDC( *(__esp + 0x1c), 0);
                                                                                                                                						__eax = E004032D6(3);
                                                                                                                                						__ecx =  *(__esp + 0x38);
                                                                                                                                						 *0x420118 = __eax;
                                                                                                                                						__cl = __cl & 0x00000001;
                                                                                                                                						 *0x42011f = 1;
                                                                                                                                						 *0x42011c = __cl & 0x00000001;
                                                                                                                                						__al = __cl;
                                                                                                                                						__al = __cl & 0x00000002;
                                                                                                                                						__cl = __cl & 0x00000004;
                                                                                                                                						 *0x42011d = __al;
                                                                                                                                						 *0x42011e = __cl;
                                                                                                                                						__eax = E00406119("MS Shell Dlg",  *(__esp + 0x2c));
                                                                                                                                						__eax = CreateFontIndirectW(0x420108);
                                                                                                                                						goto L113;
                                                                                                                                					case 0x24:
                                                                                                                                						__esi = E004032D6(0);
                                                                                                                                						0 = E004032D6(1);
                                                                                                                                						__eflags =  *(__esp + 0x30);
                                                                                                                                						if( *(__esp + 0x30) != 0) {
                                                                                                                                							_push(L"HideWindow");
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							_pop(__ecx);
                                                                                                                                						}
                                                                                                                                						_push(__edi);
                                                                                                                                						_push(__esi);
                                                                                                                                						__eflags =  *(__esp + 0x3c) - __ebx;
                                                                                                                                						if( *(__esp + 0x3c) != __ebx) {
                                                                                                                                							__eax = EnableWindow();
                                                                                                                                						} else {
                                                                                                                                							__eax = ShowWindow(); // executed
                                                                                                                                						}
                                                                                                                                						goto L404;
                                                                                                                                					case 0x25:
                                                                                                                                						__esi = E00403312(__edx, 0);
                                                                                                                                						__ebp = E00403312(__edx, 0x31);
                                                                                                                                						0 = E00403312(__edx, 0x22);
                                                                                                                                						E00403312(__edx, 0x15) = E00405F97(0xffffffec, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                						__ecx =  *(__esp + 0x38);
                                                                                                                                						__eax =  *(__esp + 0x1c);
                                                                                                                                						 *(__esp + 0x5c) =  *(__esp + 0x1c);
                                                                                                                                						__eax = 0;
                                                                                                                                						 *(__esp + 0x58) =  *(__esp + 0x38);
                                                                                                                                						__ecx =  *(__esp + 0x34);
                                                                                                                                						 *(__esp + 0x70) = __ecx;
                                                                                                                                						__eflags =  *__esi - __bx;
                                                                                                                                						 *(__esp + 0x64) = __ebp;
                                                                                                                                						__eax =  !=  ? __esi : 0;
                                                                                                                                						 *(__esp + 0x60) =  !=  ? __esi : 0;
                                                                                                                                						__eax = 0;
                                                                                                                                						__eflags =  *__edi - __bx;
                                                                                                                                						 *((intOrPtr*)(__esp + 0x6c)) = 0x4d7000;
                                                                                                                                						__eax =  !=  ? __edi : 0;
                                                                                                                                						 *(__esp + 0x68) =  !=  ? __edi : 0;
                                                                                                                                						__eax = __esp + 0x54;
                                                                                                                                						__eax = E00406F5F(__esp + 0x54);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eflags =  *(__esp + 0x58) & 0x00000040;
                                                                                                                                							if(( *(__esp + 0x58) & 0x00000040) != 0) {
                                                                                                                                								E004067BB(__ecx,  *(__esp + 0x8c)) = CloseHandle( *(__esp + 0x8c));
                                                                                                                                							}
                                                                                                                                							_push(__edi);
                                                                                                                                							_push(__ebp);
                                                                                                                                							_push(__esi);
                                                                                                                                							_push(L"ExecShell: success (\"%s\": file:\"%s\" params:\"%s\")");
                                                                                                                                							L15:
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							L16:
                                                                                                                                							__esp = __esp + 0x10;
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						_push(GetLastError());
                                                                                                                                						_push(__edi);
                                                                                                                                						_push(__ebp);
                                                                                                                                						__eax = E00406AF2(L"ExecShell: warning: error (\"%s\": file:\"%s\" params:\"%s\")=%d", __esi);
                                                                                                                                						goto L30;
                                                                                                                                					case 0x26:
                                                                                                                                						0 = E00403312(__edx, 0);
                                                                                                                                						__eax = E00406AF2(L"Exec: command=\"%s\"", __edi);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						__eax = E00405F97(0xffffffeb, __edi);
                                                                                                                                						__ebx = E00406BE0(__edi);
                                                                                                                                						_push(__edi);
                                                                                                                                						__eflags = __ebx;
                                                                                                                                						if(__ebx == 0) {
                                                                                                                                							_push(L"Exec: failed createprocess (\"%s\")");
                                                                                                                                							L61:
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							_pop(__ecx);
                                                                                                                                							L29:
                                                                                                                                							_pop(__ecx);
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						_push(L"Exec: success (\"%s\")");
                                                                                                                                						__eax = E00406AF2();
                                                                                                                                						__eflags =  *(__esp + 0x38);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							__eax = E004067BB(__ecx, __ebx);
                                                                                                                                							__eflags =  *(__esp + 0x2c);
                                                                                                                                							__ecx = __eax;
                                                                                                                                							if( *(__esp + 0x2c) < 0) {
                                                                                                                                								__eax =  *(__esp + 0x10);
                                                                                                                                								0 = 1;
                                                                                                                                								__eflags = __ecx;
                                                                                                                                								__eax =  !=  ? 1 :  *(__esp + 0x10);
                                                                                                                                								 *(__esp + 0x10) =  !=  ? 1 :  *(__esp + 0x10);
                                                                                                                                							} else {
                                                                                                                                								__eax = E00406A5B(__esi, __ecx);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_push(__ebx);
                                                                                                                                						goto L213;
                                                                                                                                					case 0x27:
                                                                                                                                						__eax = E00403312(__edx, 2);
                                                                                                                                						0 = __eax;
                                                                                                                                						__eflags = __edi;
                                                                                                                                						if(__edi == 0) {
                                                                                                                                							__eax = 0;
                                                                                                                                							 *__ebp = __ax;
                                                                                                                                							 *__esi = __ax;
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						__eax = E00406A5B(__esi,  *((intOrPtr*)(__edi + 0x14)));
                                                                                                                                						_push( *(__edi + 0x18));
                                                                                                                                						goto L20;
                                                                                                                                					case 0x28:
                                                                                                                                						__eax = E00403312(__edx, 0xffffffee);
                                                                                                                                						__ecx = __esp + 0x54;
                                                                                                                                						 *(__esp + 0x18) = __eax;
                                                                                                                                						_push(__esp + 0x54);
                                                                                                                                						_push(__eax);
                                                                                                                                						__eax = E00406E4E(9);
                                                                                                                                						__ecx = __eax;
                                                                                                                                						__eax = 0;
                                                                                                                                						 *__ebp = __ax;
                                                                                                                                						 *__esi = __ax;
                                                                                                                                						__eax = 1;
                                                                                                                                						 *(__esp + 0x48) = __ecx;
                                                                                                                                						 *(__esp + 0x10) = 1;
                                                                                                                                						__eflags = __ecx;
                                                                                                                                						if(__ecx == 0) {
                                                                                                                                							goto L405;
                                                                                                                                						}
                                                                                                                                						0 = GlobalAlloc(0x40, __ecx);
                                                                                                                                						__eflags = __edi;
                                                                                                                                						if(__edi == 0) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__esi = E00406E4E(0xa);
                                                                                                                                						__eax = E00406E4E(0xb);
                                                                                                                                						_push(__edi);
                                                                                                                                						_push( *(__esp + 0x4c));
                                                                                                                                						 *(__esp + 0x4c) = __eax;
                                                                                                                                						_push(0);
                                                                                                                                						_push( *(__esp + 0x24));
                                                                                                                                						__eax =  *__esi();
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eax = __esp + 0x4c;
                                                                                                                                							_push(__esp + 0x4c);
                                                                                                                                							__eax = __esp + 0x18;
                                                                                                                                							_push(__esp + 0x18);
                                                                                                                                							_push("\\");
                                                                                                                                							_push(__edi);
                                                                                                                                							__eax =  *(__esp + 0x54)();
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								 *(__esp + 0x14) = E00406A5B(__ebp, ( *(__esp + 0x14))[4]);
                                                                                                                                								 *(__esp + 0x14) = E00406A5B( *(__esp + 0x44), ( *(__esp + 0x14))[6]);
                                                                                                                                								 *(__esp + 0x10) = 0;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_push(__edi);
                                                                                                                                						L177:
                                                                                                                                						__eax = GlobalFree(); // executed
                                                                                                                                						goto L404;
                                                                                                                                					case 0x29:
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						 *(__esp + 0x10) = 1;
                                                                                                                                						__eflags =  *0x47e280;
                                                                                                                                						if( *0x47e280 < 0) {
                                                                                                                                							__eax = E00405F97(0xffffffe7, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                							_push(L"Error registering DLL: Could not initialize OLE");
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							goto L59;
                                                                                                                                						}
                                                                                                                                						__ebp = E00403312(__edx, 0xfffffff0);
                                                                                                                                						 *(__esp + 0x14) = E00403312(__edx, 1);
                                                                                                                                						__eflags =  *(__esp + 0x38);
                                                                                                                                						if( *(__esp + 0x38) == 0) {
                                                                                                                                							L227:
                                                                                                                                							__eax = LoadLibraryExW(__ebp, __ebx, 8); // executed
                                                                                                                                							__esi = __eax;
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi == 0) {
                                                                                                                                								__eax = E00405F97(0xfffffff6, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                								_push(__ebp);
                                                                                                                                								_push(L"Error registering DLL: Could not load %s");
                                                                                                                                								goto L58;
                                                                                                                                							}
                                                                                                                                							L228:
                                                                                                                                							__ecx = E0040650C(__esi,  *(__esp + 0x14));
                                                                                                                                							 *(__esp + 0x48) = __ecx;
                                                                                                                                							__eflags = __ecx;
                                                                                                                                							if(__ecx == 0) {
                                                                                                                                								__ebx =  *(__esp + 0x14);
                                                                                                                                								__eax = E00405F97(0xfffffff7,  *(__esp + 0x14));
                                                                                                                                								_push(__ebp);
                                                                                                                                								__eax = E00406AF2(L"Error registering DLL: %s not found in %s", __ebx);
                                                                                                                                								L234:
                                                                                                                                								__eax =  *(__esp + 0x10);
                                                                                                                                								L235:
                                                                                                                                								__eflags =  *(__esp + 0x34);
                                                                                                                                								if( *(__esp + 0x34) != 0) {
                                                                                                                                									goto L405;
                                                                                                                                								}
                                                                                                                                								__eax = E00403ED1(__esi);
                                                                                                                                								__eflags = __eax;
                                                                                                                                								if(__eax != 0) {
                                                                                                                                									__eax = FreeLibrary(__esi); // executed
                                                                                                                                								}
                                                                                                                                								goto L404;
                                                                                                                                							}
                                                                                                                                							 *(__esp + 0x10) = __ebx;
                                                                                                                                							__eflags =  *(__esp + 0x30) - __ebx;
                                                                                                                                							if( *(__esp + 0x30) == __ebx) {
                                                                                                                                								__eax =  *(__esp + 0x1c);
                                                                                                                                								_push("��G");
                                                                                                                                								_push(0x40c100);
                                                                                                                                								_push(0x47f000);
                                                                                                                                								_push(0x2000);
                                                                                                                                								_push(__eax); // executed
                                                                                                                                								__eax =  *__ecx(); // executed
                                                                                                                                								__esp = __esp + 0x14;
                                                                                                                                								goto L234;
                                                                                                                                							}
                                                                                                                                							__eax = E004033F1( *(__esp + 0x30));
                                                                                                                                							__eax =  *(__esp + 0x48)();
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax == 0) {
                                                                                                                                								goto L234;
                                                                                                                                							}
                                                                                                                                							__eax = __edi;
                                                                                                                                							 *(__esp + 0x10) = __edi;
                                                                                                                                							goto L235;
                                                                                                                                						}
                                                                                                                                						__eax = GetModuleHandleW(__ebp); // executed
                                                                                                                                						__esi = __eax;
                                                                                                                                						__eflags = __esi;
                                                                                                                                						if(__esi != 0) {
                                                                                                                                							goto L228;
                                                                                                                                						}
                                                                                                                                						goto L227;
                                                                                                                                					case 0x2a:
                                                                                                                                						 *(__esp + 0x44) = E00403312(__edx, 0xfffffff0);
                                                                                                                                						 *(__esp + 0x1c) = E00403312(__edx, 0xffffffdf);
                                                                                                                                						 *(__esp + 0x48) = E00403312(__edx, 2);
                                                                                                                                						__esi = E00403312(__edx, 0xffffffcd);
                                                                                                                                						 *(__esp + 0x94) = __esi;
                                                                                                                                						__eax = E00403312(__edx, 0x45);
                                                                                                                                						__ecx =  *(__esp + 0x38);
                                                                                                                                						__edi = __ecx;
                                                                                                                                						 *(__esp + 0x58) = __eax;
                                                                                                                                						__ebp = __ecx;
                                                                                                                                						__eax = __ecx;
                                                                                                                                						__ebp = __ecx >> 0xc;
                                                                                                                                						__eax = __ecx & 0x00008000;
                                                                                                                                						__ecx = __ecx >> 0x10;
                                                                                                                                						 *(__esp + 0x4c) = __eax;
                                                                                                                                						__edi = __edi & 0x00000fff;
                                                                                                                                						__eax = __cx & 0x0000ffff;
                                                                                                                                						__ebp = __ebp & 0x00000007;
                                                                                                                                						 *(__esp + 0x50) = __edi;
                                                                                                                                						 *(__esp + 0x18) = __cx & 0x0000ffff;
                                                                                                                                						__eax = E0040730E( *(__esp + 0x18));
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							__eax = E00403312(__edx, 0x21);
                                                                                                                                						}
                                                                                                                                						_push( *(__esp + 0x14));
                                                                                                                                						_push(__ebp);
                                                                                                                                						_push(__edi);
                                                                                                                                						_push(__esi);
                                                                                                                                						_push( *(__esp + 0x54));
                                                                                                                                						_push( *(__esp + 0x2c));
                                                                                                                                						__eax = E00406AF2(L"CreateShortcut: out: \"%s\", in: \"%s %s\", icon: %s,%d, sw=%d, hk=%d",  *(__esp + 0x58));
                                                                                                                                						__eax = __esp + 0x20;
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						_push(__eax);
                                                                                                                                						_push(0x40ac64);
                                                                                                                                						_push(1);
                                                                                                                                						_push(__ebx);
                                                                                                                                						_push(0x40ac84); // executed
                                                                                                                                						__imp__CoCreateInstance(); // executed
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax < 0) {
                                                                                                                                							L255:
                                                                                                                                							_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                							 *(__esp + 0x14) = __edi;
                                                                                                                                							_push(0xfffffff0);
                                                                                                                                							goto L10;
                                                                                                                                						} else {
                                                                                                                                							__eax =  *(__esp + 0x20);
                                                                                                                                							__edx = __esp + 0x1c;
                                                                                                                                							_push(__esp + 0x1c);
                                                                                                                                							_push(0x40ac74);
                                                                                                                                							_push(__eax);
                                                                                                                                							__ecx =  *__eax;
                                                                                                                                							__esi = __eax;
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi >= 0) {
                                                                                                                                								__eax =  *(__esp + 0x20);
                                                                                                                                								_push( *(__esp + 0x18));
                                                                                                                                								_push(__eax);
                                                                                                                                								__ecx =  *__eax; // executed
                                                                                                                                								__esi = __eax;
                                                                                                                                								__eflags =  *(__esp + 0x48) - __ebx;
                                                                                                                                								if( *(__esp + 0x48) == __ebx) {
                                                                                                                                									__eax =  *(__esp + 0x20);
                                                                                                                                									_push(0x4d7000);
                                                                                                                                									_push(__eax);
                                                                                                                                									__ecx =  *__eax;
                                                                                                                                									__eax =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                								}
                                                                                                                                								__eflags = __ebp;
                                                                                                                                								if(__ebp != 0) {
                                                                                                                                									__eax =  *(__esp + 0x20);
                                                                                                                                									_push(__ebp);
                                                                                                                                									_push(__eax);
                                                                                                                                									__ecx =  *__eax;
                                                                                                                                									__eax =  *((intOrPtr*)( *__eax + 0x3c))();
                                                                                                                                								}
                                                                                                                                								__eax =  *(__esp + 0x20);
                                                                                                                                								_push( *(__esp + 0x14));
                                                                                                                                								_push(__eax);
                                                                                                                                								__ecx =  *__eax;
                                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 0x34))();
                                                                                                                                								__edx =  *(__esp + 0x90);
                                                                                                                                								__eflags = __edx->i - __bx;
                                                                                                                                								if(__edx->i != __bx) {
                                                                                                                                									__eax =  *(__esp + 0x20);
                                                                                                                                									_push( *(__esp + 0x4c));
                                                                                                                                									_push(__edx);
                                                                                                                                									__ecx =  *__eax;
                                                                                                                                									_push(__eax);
                                                                                                                                									__eax =  *((intOrPtr*)( *__eax + 0x44))();
                                                                                                                                								}
                                                                                                                                								__eax =  *(__esp + 0x20);
                                                                                                                                								_push( *(__esp + 0x44));
                                                                                                                                								_push(__eax);
                                                                                                                                								__ecx =  *__eax;
                                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 0x2c))();
                                                                                                                                								__eax =  *(__esp + 0x20);
                                                                                                                                								_push( *(__esp + 0x54));
                                                                                                                                								_push(__eax);
                                                                                                                                								__ecx =  *__eax;
                                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 0x1c))();
                                                                                                                                								__eflags = __esi;
                                                                                                                                								if(__esi >= 0) {
                                                                                                                                									__eax =  *(__esp + 0x1c);
                                                                                                                                									_push(__edi);
                                                                                                                                									_push( *(__esp + 0x44));
                                                                                                                                									__ecx =  *__eax;
                                                                                                                                									_push(__eax); // executed
                                                                                                                                									__esi = __eax;
                                                                                                                                								}
                                                                                                                                								__eax =  *(__esp + 0x1c);
                                                                                                                                								_push(__eax);
                                                                                                                                								__ecx =  *__eax;
                                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 8))();
                                                                                                                                							}
                                                                                                                                							__eax =  *(__esp + 0x20);
                                                                                                                                							_push(__eax);
                                                                                                                                							__ecx =  *__eax;
                                                                                                                                							__eax =  *((intOrPtr*)( *__eax + 8))();
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi < 0) {
                                                                                                                                								goto L255;
                                                                                                                                							} else {
                                                                                                                                								_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                								_push(0xfffffff4);
                                                                                                                                								L10:
                                                                                                                                								__eax = E00405F97();
                                                                                                                                								goto L404;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					case 0x2b:
                                                                                                                                						__esi = E00403312(__edx, 0);
                                                                                                                                						0 = E00403312(__edx, 0x11);
                                                                                                                                						__eax = E00403312(__edx, 0x23);
                                                                                                                                						_push(__edi);
                                                                                                                                						__ebp = __eax;
                                                                                                                                						__eax = E00406AF2(L"CopyFiles \"%s\"->\"%s\"", __esi);
                                                                                                                                						__eax = E00406A15(__esi);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eax =  *(__esp + 0x1c);
                                                                                                                                							 *(__esp + 0x58) =  *(__esp + 0x1c);
                                                                                                                                							 *(__esp + 0x5c) = 2;
                                                                                                                                							__eax = lstrlenW(__esi);
                                                                                                                                							__ecx = 0;
                                                                                                                                							 *(__esi +  &(2[__eax])) = __cx;
                                                                                                                                							__eax = lstrlenW(__edi);
                                                                                                                                							__ecx = 0;
                                                                                                                                							 *(__edi +  &(2[__eax])) = __cx;
                                                                                                                                							__ax =  *(__esp + 0x38);
                                                                                                                                							 *(__esp + 0x64) = __esi;
                                                                                                                                							 *(__esp + 0x68) = __edi;
                                                                                                                                							 *(__esp + 0x76) = __ebp;
                                                                                                                                							 *((short*)(__esp + 0x6c)) =  *(__esp + 0x38);
                                                                                                                                							E00405F97(0, __ebp) = __esp + 0x54;
                                                                                                                                							__eax = SHFileOperationW(__esp + 0x54); // executed
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax == 0) {
                                                                                                                                								goto L404;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						__eax = E00405F97(0xfffffff9, __ebx);
                                                                                                                                						goto L30;
                                                                                                                                					case 0x2c:
                                                                                                                                						__eflags = __edi - 0xbadf00d;
                                                                                                                                						if(__edi != 0xbadf00d) {
                                                                                                                                							L172:
                                                                                                                                							_push(0x200010);
                                                                                                                                							_push(E00406119(__ebx, 0xffffffe8));
                                                                                                                                							L103:
                                                                                                                                							__eax = E0040701A();
                                                                                                                                							L5:
                                                                                                                                							__eax = 0x7fffffff;
                                                                                                                                							return 0x7fffffff;
                                                                                                                                						}
                                                                                                                                						 *0x47e2f4 =  *0x47e2f4 + 1;
                                                                                                                                						goto L404;
                                                                                                                                					case 0x2d:
                                                                                                                                						__edi = 0x410108;
                                                                                                                                						 *(__esp + 0x1c) = 0;
                                                                                                                                						 *(__esp + 0x1c) = 0;
                                                                                                                                						__eax = E0040708C(0x410108, L"<RM>");
                                                                                                                                						__ebp = 0x414108;
                                                                                                                                						__eax = E0040708C(0x414108, 0x410108);
                                                                                                                                						__eflags =  *(__esp + 0x28);
                                                                                                                                						if( *(__esp + 0x28) != 0) {
                                                                                                                                							__ebx = E00403312(__edx, 0);
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x2c);
                                                                                                                                						if( *(__esp + 0x2c) != 0) {
                                                                                                                                							 *(__esp + 0x18) = E00403312(__edx, 0x11);
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x38);
                                                                                                                                						if( *(__esp + 0x38) != 0) {
                                                                                                                                							 *(__esp + 0x14) = E00403312(__edx, 0x22);
                                                                                                                                						}
                                                                                                                                						__esi = E00403312(__edx, 0xffffffcd);
                                                                                                                                						_push(__esi);
                                                                                                                                						_push(__ebp);
                                                                                                                                						_push(__edi);
                                                                                                                                						__eax = E00406AF2(L"WriteINIStr: wrote [%s] %s=%s in %s", L"Call");
                                                                                                                                						__eax = WritePrivateProfileStringW(__ebx,  *(__esp + 0x20),  *(__esp + 0x18), __esi);
                                                                                                                                						L74:
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						goto L30;
                                                                                                                                					case 0x2e:
                                                                                                                                						_push(0xa);
                                                                                                                                						_pop(__ebx);
                                                                                                                                						 *(__esp + 0x58) = 0;
                                                                                                                                						0 = E00403312(__edx, 1);
                                                                                                                                						__esi = E00403312(__edx, 0x12);
                                                                                                                                						E00403312(__edx, 0xffffffdd) = __esp + 0x60;
                                                                                                                                						GetPrivateProfileStringW(__edi, __esi, __esp + 0x60, __ebp, 0x1fff, __esp + 0x60) =  *__ebp & 0x0000ffff;
                                                                                                                                						__ecx =  *__ebp & 0x0000ffff;
                                                                                                                                						__eflags = __ax - __bx;
                                                                                                                                						if(__ax == __bx) {
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags = 0;
                                                                                                                                							 *__ebp = __ax;
                                                                                                                                						}
                                                                                                                                						__eax = 0;
                                                                                                                                						__eflags = __cx - __bx;
                                                                                                                                						goto L94;
                                                                                                                                					case 0x2f:
                                                                                                                                						__ebx = 0;
                                                                                                                                						__ebx = 1;
                                                                                                                                						__eax = E0040687E(__ecx);
                                                                                                                                						__eflags =  *(__esp + 0x3c);
                                                                                                                                						__ebp = __eax;
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							__eax = E00403312(__edx, 0x22);
                                                                                                                                							__esi = __eax;
                                                                                                                                							_push(__eax);
                                                                                                                                							__eax = E00406AF2(L"DeleteRegKey: \"%s\\%s\"", __ebp);
                                                                                                                                							 *(__esp + 0x44) =  *(__esp + 0x44) >> 1;
                                                                                                                                							__ebx = E00403350( *(__esp + 0x5c), __esi,  *(__esp + 0x44) >> 1);
                                                                                                                                						} else {
                                                                                                                                							0 = E00403395(__ecx, __edx, __eflags, 2);
                                                                                                                                							__eflags = __edi;
                                                                                                                                							if(__edi != 0) {
                                                                                                                                								__esi = E00403312(__edx, 0x33);
                                                                                                                                								__eax = RegDeleteValueW(__edi, __esi);
                                                                                                                                								_push(__esi);
                                                                                                                                								_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp");
                                                                                                                                								__ebx = __eax;
                                                                                                                                								E00406AF2(L"DeleteRegValue: \"%s\\%s\" \"%s\"", __ebp) = RegCloseKey(0);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						__eax = 0;
                                                                                                                                						__eflags = __ebx;
                                                                                                                                						__eax = 0 | __ebx != 0x00000000;
                                                                                                                                						goto L405;
                                                                                                                                					case 0x30:
                                                                                                                                						__eax =  *(__esp + 0x38);
                                                                                                                                						 *(__esp + 0x44) =  *(__esp + 0x38);
                                                                                                                                						__eax =  *(__esp + 0x3c);
                                                                                                                                						 *(__esp + 0x44) =  *(__esp + 0x3c);
                                                                                                                                						 *(__esp + 0x20) = E00403312(__edx, 2);
                                                                                                                                						__esi = E00403312(__edx, 0x11);
                                                                                                                                						__ebp = E0040687E(__edi);
                                                                                                                                						__edi = 0;
                                                                                                                                						__eax = __esp + 0x54;
                                                                                                                                						 *(__esp + 0x18) = __ebp;
                                                                                                                                						__edi = 1;
                                                                                                                                						 *(__esp + 0x20) = 1;
                                                                                                                                						__eax = E004032F7( *(__esp + 0x58));
                                                                                                                                						__eax = E00406550(__eflags, __eax, __esi, 0x100022, __esp + 0x54); // executed
                                                                                                                                						__ecx =  *(__esp + 0x54);
                                                                                                                                						__edx = 0;
                                                                                                                                						__eflags = __eax;
                                                                                                                                						__ecx =  !=  ? 0 :  *(__esp + 0x54);
                                                                                                                                						 *(__esp + 0x14) = __ecx;
                                                                                                                                						__eflags = __ecx;
                                                                                                                                						if(__ecx == 0) {
                                                                                                                                							_push(__esi);
                                                                                                                                							__eax = E00406AF2(L"WriteReg: error creating key \"%s\\%s\"", __ebp);
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__eax =  *(__esp + 0x44);
                                                                                                                                						__ebp = 0x414108;
                                                                                                                                						 *(__esp + 0x20) = 0;
                                                                                                                                						__eflags = __eax - 1;
                                                                                                                                						if(__eax != 1) {
                                                                                                                                							__edi =  *(__esp + 0x18);
                                                                                                                                							L283:
                                                                                                                                							__eflags = __eax - 4;
                                                                                                                                							if(__eax == 4) {
                                                                                                                                								__eax = E004032D6(3);
                                                                                                                                								_push(__eax);
                                                                                                                                								_push( *(__esp + 0x24));
                                                                                                                                								 *0x414108 = __eax;
                                                                                                                                								_push(__esi);
                                                                                                                                								 *(__esp + 0x38) = 4;
                                                                                                                                								__eax = E00406AF2(L"WriteRegDWORD: \"%s\\%s\" \"%s\"=\"0x%08x\"", __edi);
                                                                                                                                								__eax =  *(__esp + 0x5c);
                                                                                                                                							}
                                                                                                                                							__eflags = __eax - 3;
                                                                                                                                							if(__eax == 3) {
                                                                                                                                								__eax = E0040342F( *(__esp + 0x40), __ebx, __ebp, 0xc000);
                                                                                                                                								_push(__eax);
                                                                                                                                								_push(__ebp);
                                                                                                                                								 *(__esp + 0x28) = __eax;
                                                                                                                                								__eax = __esp + 0x9c;
                                                                                                                                								_push(0x80);
                                                                                                                                								_push(__eax);
                                                                                                                                								__eax = E004067FF();
                                                                                                                                								__edx =  *(__esp + 0x50);
                                                                                                                                								__eax = __esp + 0xa4;
                                                                                                                                								_push(__esp + 0xa4);
                                                                                                                                								_push( *(__esp + 0x30));
                                                                                                                                								__eflags = __edx - 7;
                                                                                                                                								__eax = L"WriteRegBin";
                                                                                                                                								L"WriteRegMultiStr" =  !=  ? L"WriteRegBin" : L"WriteRegMultiStr";
                                                                                                                                								__eax = L"WriteRegNone";
                                                                                                                                								_push(__esi);
                                                                                                                                								__eflags = __edx;
                                                                                                                                								_push(__edi);
                                                                                                                                								__eax =  !=  ?  !=  ? L"WriteRegBin" : L"WriteRegMultiStr" : L"WriteRegNone";
                                                                                                                                								__eflags =  !=  ?  !=  ? L"WriteRegBin" : L"WriteRegMultiStr" : L"WriteRegNone";
                                                                                                                                								__eax = E00406AF2(L"%s: \"%s\\%s\" \"%s\"=\"%s\"",  !=  ?  !=  ? L"WriteRegBin" : L"WriteRegMultiStr" : L"WriteRegNone");
                                                                                                                                							}
                                                                                                                                							L287:
                                                                                                                                							__ebp =  *(__esp + 0x28);
                                                                                                                                							__eax = RegSetValueExW( *(__esp + 0x28), __ebp, __ebx,  *(__esp + 0x48), __ebp,  *(__esp + 0x20)); // executed
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								_push(__ebp);
                                                                                                                                								_push(__esi);
                                                                                                                                								__eax = E00406AF2(L"WriteReg: error writing into \"%s\\%s\" \"%s\"", __edi);
                                                                                                                                							} else {
                                                                                                                                								 *(__esp + 0x10) = __ebx;
                                                                                                                                							}
                                                                                                                                							_push( *(__esp + 0x14));
                                                                                                                                							goto L291;
                                                                                                                                						}
                                                                                                                                						__eax = E00403312(0, 0x23);
                                                                                                                                						__eax = lstrlenW(0x414108);
                                                                                                                                						__eflags =  *(__esp + 0x40) - 1;
                                                                                                                                						__edi =  *(__esp + 0x18);
                                                                                                                                						_push(0x414108);
                                                                                                                                						_push( *(__esp + 0x20));
                                                                                                                                						__eax =  &(2[__eax]);
                                                                                                                                						_push(__esi);
                                                                                                                                						 *(__esp + 0x2c) = __eax;
                                                                                                                                						_push(__edi);
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							_push(L"WriteRegExpandStr: \"%s\\%s\" \"%s\"=\"%s\"");
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							__eax =  *(__esp + 0x58);
                                                                                                                                							__esp = __esp + 0x14;
                                                                                                                                							goto L283;
                                                                                                                                						}
                                                                                                                                						_push(L"WriteRegStr: \"%s\\%s\" \"%s\"=\"%s\"");
                                                                                                                                						__eax = E00406AF2();
                                                                                                                                						__esp = __esp + 0x14;
                                                                                                                                						goto L287;
                                                                                                                                					case 0x31:
                                                                                                                                						__eax = E00403395(__ecx, __edx, __eflags, 0x20019); // executed
                                                                                                                                						__esi = __eax;
                                                                                                                                						__eax = E00403312(__edx, 0x33);
                                                                                                                                						__ecx = 0;
                                                                                                                                						 *__ebp = __cx;
                                                                                                                                						__eflags = __esi;
                                                                                                                                						if(__esi == 0) {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						__ecx = __esp + 0x54;
                                                                                                                                						 *(__esp + 0x54) = 0x4000;
                                                                                                                                						__ecx = __esp + 0x20;
                                                                                                                                						__eax = RegQueryValueExW(__esi, __eax, 0, __esp + 0x20, __ebp, __esp + 0x54);
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							L301:
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags = 0;
                                                                                                                                							 *(__esp + 0x10) = __edi;
                                                                                                                                							 *__ebp = __ax;
                                                                                                                                							goto L302;
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x18) - 4;
                                                                                                                                						if( *(__esp + 0x18) == 4) {
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags =  *(__esp + 0x3c);
                                                                                                                                							__eax = 0 | __eflags == 0x00000000;
                                                                                                                                							 *(__esp + 0x18) = __eflags == 0;
                                                                                                                                							__eax = E00406A5B(__ebp,  *__ebp);
                                                                                                                                							goto L302;
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x18) - 1;
                                                                                                                                						if( *(__esp + 0x18) == 1) {
                                                                                                                                							L298:
                                                                                                                                							__eax =  *(__esp + 0x38);
                                                                                                                                							 *(__esp + 0x10) =  *(__esp + 0x38);
                                                                                                                                							goto L299;
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x18) - 2;
                                                                                                                                						if( *(__esp + 0x18) != 2) {
                                                                                                                                							goto L301;
                                                                                                                                						}
                                                                                                                                						goto L298;
                                                                                                                                					case 0x32:
                                                                                                                                						__esi = E00403395(__ecx, __edx, __eflags, 0x20019);
                                                                                                                                						__eax = E004032D6(3);
                                                                                                                                						__ecx = 0;
                                                                                                                                						 *(__esp + 0x58) = __edx;
                                                                                                                                						 *__ebp = __cx;
                                                                                                                                						__eflags = __esi;
                                                                                                                                						if(__esi == 0) {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						__ecx = 0x1fff;
                                                                                                                                						 *(__esp + 0x54) = 0x1fff;
                                                                                                                                						__eflags =  *(__esp + 0x38);
                                                                                                                                						if( *(__esp + 0x38) == 0) {
                                                                                                                                							__ecx = __esp + 0x64;
                                                                                                                                							__eax = RegEnumValueW(__esi, __eax, __ebp, __esp + 0x64, 0, 0, 0, 0);
                                                                                                                                							__ecx =  *(__esp + 0x10);
                                                                                                                                							0 = 1;
                                                                                                                                							__eflags = __eax;
                                                                                                                                							__ecx =  !=  ? 1 :  *(__esp + 0x10);
                                                                                                                                							 *(__esp + 0x10) =  !=  ? 1 :  *(__esp + 0x10);
                                                                                                                                						} else {
                                                                                                                                							__eax = RegEnumKeyW(__esi, __eax, __ebp, 0x1fff);
                                                                                                                                						}
                                                                                                                                						L299:
                                                                                                                                						__eax = 0;
                                                                                                                                						__ebp[0x1fff] = __ax;
                                                                                                                                						L302:
                                                                                                                                						_push(__esi);
                                                                                                                                						L291:
                                                                                                                                						__eax = RegCloseKey();
                                                                                                                                						goto L404;
                                                                                                                                					case 0x33:
                                                                                                                                						__eax = E00407183(__ebp);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						_push(__eax);
                                                                                                                                						L213:
                                                                                                                                						__eax = CloseHandle();
                                                                                                                                						goto L404;
                                                                                                                                					case 0x34:
                                                                                                                                						__eax = E00403312(__edx, 0xffffffed);
                                                                                                                                						__eax = E00406E83(__eax,  *(__esp + 0x30),  *(__esp + 0x30));
                                                                                                                                						__eflags = __eax - 0xffffffff;
                                                                                                                                						if(__eax != 0xffffffff) {
                                                                                                                                							L113:
                                                                                                                                							_push(__eax);
                                                                                                                                							L20:
                                                                                                                                							_push(__ebp);
                                                                                                                                							goto L21;
                                                                                                                                						}
                                                                                                                                						goto L310;
                                                                                                                                					case 0x35:
                                                                                                                                						__ecx =  *(__esp + 0x24);
                                                                                                                                						__eax = 0;
                                                                                                                                						__edx =  *(__esp + 0x30);
                                                                                                                                						__eflags = __ecx - 0x38;
                                                                                                                                						 *(__esp + 0x4c) = __edx;
                                                                                                                                						__esi = 0x410108;
                                                                                                                                						__eax = 0 | __eflags == 0x00000000;
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						 *(__esp + 0x14) = __eflags == 0;
                                                                                                                                						__eflags = __edx;
                                                                                                                                						if(__edx == 0) {
                                                                                                                                							__eflags = __ecx - 0x38;
                                                                                                                                							if(__ecx != 0x38) {
                                                                                                                                								__eax = E00403312(__edx, 0x11);
                                                                                                                                								__eax = lstrlenW(__eax);
                                                                                                                                								__eflags = __eax + __eax;
                                                                                                                                							} else {
                                                                                                                                								E00403312(__edx, 0x21) = WideCharToMultiByte(0, 0, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp", 0xffffffff, 0x410108, 0x2000, 0, 0);
                                                                                                                                								__esi = lstrlenA(0x410108);
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							__eax = E004032D6(1);
                                                                                                                                							 *0x410108 = __ax;
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags =  *(__esp + 0x18);
                                                                                                                                							__eax = 0 | __eflags == 0x00000000;
                                                                                                                                							__eax = (__eflags == 0) + 1;
                                                                                                                                							 *(__esp + 0x54) = __eax;
                                                                                                                                							__esi = __eax;
                                                                                                                                						}
                                                                                                                                						__eflags =  *__ebp - __bx;
                                                                                                                                						if( *__ebp == __bx) {
                                                                                                                                							L321:
                                                                                                                                							__eax = __edi;
                                                                                                                                							goto L405;
                                                                                                                                						} else {
                                                                                                                                							__ebx = E00407183(__ebp);
                                                                                                                                							__eax =  *(__esp + 0x14);
                                                                                                                                							__eax =  *(__esp + 0x14) |  *(__esp + 0x4c);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								L320:
                                                                                                                                								__eax = E00406F77(__ecx, __ebx, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll", __esi);
                                                                                                                                								__eflags = __eax;
                                                                                                                                								if(__eax != 0) {
                                                                                                                                									goto L404;
                                                                                                                                								}
                                                                                                                                								goto L321;
                                                                                                                                							}
                                                                                                                                							__eflags =  *(__esp + 0x34) - __eax;
                                                                                                                                							if( *(__esp + 0x34) == __eax) {
                                                                                                                                								goto L320;
                                                                                                                                							}
                                                                                                                                							__eax = E0040672B(__ebx, __ebx);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax < 0) {
                                                                                                                                								goto L321;
                                                                                                                                							}
                                                                                                                                							goto L320;
                                                                                                                                						}
                                                                                                                                					case 0x36:
                                                                                                                                						_push(2);
                                                                                                                                						_pop(__ecx);
                                                                                                                                						 *(__esp + 0x18) = 0;
                                                                                                                                						 *(__esp + 0x20) = __ecx;
                                                                                                                                						__eax = E004032D6(__ecx);
                                                                                                                                						__edi = 0;
                                                                                                                                						__edi = 1;
                                                                                                                                						__eflags = __eax - 1;
                                                                                                                                						if(__eax < 1) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__ecx = 0x1fff;
                                                                                                                                						__eflags = __eax - 0x1fff;
                                                                                                                                						 *(__esp + 0x48) = __eax;
                                                                                                                                						__eflags =  *__ebp - __bx;
                                                                                                                                						if( *__ebp == __bx) {
                                                                                                                                							L346:
                                                                                                                                							__ecx =  *(__esp + 0x14);
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags = __ecx;
                                                                                                                                							 *(__esi + __ecx * 2) = __ax;
                                                                                                                                							L94:
                                                                                                                                							__eax = __eax & 0xffffff00 | __eflags == 0x00000000;
                                                                                                                                							goto L405;
                                                                                                                                						}
                                                                                                                                						 *(__esp + 0x48) = 0;
                                                                                                                                						__ecx = E00407183(__ebp);
                                                                                                                                						 *(__esp + 0x18) = __ecx;
                                                                                                                                						__eflags =  *(__esp + 0x48);
                                                                                                                                						if( *(__esp + 0x48) <= 0) {
                                                                                                                                							goto L346;
                                                                                                                                						}
                                                                                                                                						 *(__esp + 0x4c) = 0xd;
                                                                                                                                						__ebp = 0;
                                                                                                                                						do {
                                                                                                                                							__eflags =  *(__esp + 0x24) - 0x39;
                                                                                                                                							if( *(__esp + 0x24) != 0x39) {
                                                                                                                                								__eflags =  *(__esp + 0x34) - __ebx;
                                                                                                                                								if( *(__esp + 0x34) != __ebx) {
                                                                                                                                									L339:
                                                                                                                                									__eax = __esp + 0x24;
                                                                                                                                									__eax = E00406EB0(__ecx, __ecx, __esp + 0x24, 2);
                                                                                                                                									__eflags = __eax;
                                                                                                                                									if(__eax == 0) {
                                                                                                                                										goto L346;
                                                                                                                                									}
                                                                                                                                									L340:
                                                                                                                                									__ecx =  *(__esp + 0x1c);
                                                                                                                                									__eax =  *(__esp + 0x20);
                                                                                                                                									L341:
                                                                                                                                									__eflags =  *(__esp + 0x34) - __ebx;
                                                                                                                                									if( *(__esp + 0x34) != __ebx) {
                                                                                                                                										L352:
                                                                                                                                										__ax & 0x0000ffff = E00406A5B(__esi, __ax & 0x0000ffff);
                                                                                                                                										goto L406;
                                                                                                                                									}
                                                                                                                                									_push(0xd);
                                                                                                                                									_pop(__edx);
                                                                                                                                									__eflags =  *(__esp + 0x44) - __dx;
                                                                                                                                									_push(0xa);
                                                                                                                                									_pop(__edx);
                                                                                                                                									if(__eflags == 0) {
                                                                                                                                										L347:
                                                                                                                                										__eflags =  *(__esp + 0x44) - __ax;
                                                                                                                                										if( *(__esp + 0x44) == __ax) {
                                                                                                                                											L351:
                                                                                                                                											__eax = SetFilePointer( *(__esp + 0x24), __ecx, __ebx, 0);
                                                                                                                                											goto L346;
                                                                                                                                										}
                                                                                                                                										__eflags = __ax -  *(__esp + 0x4c);
                                                                                                                                										if(__ax ==  *(__esp + 0x4c)) {
                                                                                                                                											L350:
                                                                                                                                											 *(__esi + __ebp * 2) = __ax;
                                                                                                                                											 *(__esp + 0x14) = __ebp;
                                                                                                                                											goto L346;
                                                                                                                                										}
                                                                                                                                										__eflags = __ax - __dx;
                                                                                                                                										if(__ax != __dx) {
                                                                                                                                											goto L351;
                                                                                                                                										}
                                                                                                                                										goto L350;
                                                                                                                                									}
                                                                                                                                									__eflags =  *(__esp + 0x44) - __dx;
                                                                                                                                									if( *(__esp + 0x44) == __dx) {
                                                                                                                                										goto L347;
                                                                                                                                									}
                                                                                                                                									 *(__esi + __ebp * 2) = __ax;
                                                                                                                                									__ebp =  &(__ebp[0]);
                                                                                                                                									__ecx = __ax & 0x0000ffff;
                                                                                                                                									 *(__esp + 0x14) = __ebp;
                                                                                                                                									 *(__esp + 0x44) = __ax & 0x0000ffff;
                                                                                                                                									__eflags = __ax;
                                                                                                                                									if(__ax == 0) {
                                                                                                                                										goto L346;
                                                                                                                                									}
                                                                                                                                									goto L345;
                                                                                                                                								}
                                                                                                                                								__eflags = __ebp;
                                                                                                                                								if(__ebp != 0) {
                                                                                                                                									goto L339;
                                                                                                                                								}
                                                                                                                                								__eax = E0040672B(__ecx, __ebx);
                                                                                                                                								__eflags = __eax;
                                                                                                                                								if(__eax < 0) {
                                                                                                                                									goto L346;
                                                                                                                                								}
                                                                                                                                								__ecx =  *(__esp + 0x18);
                                                                                                                                								goto L339;
                                                                                                                                							}
                                                                                                                                							_push(__ebx);
                                                                                                                                							__eax = __esp + 0x44;
                                                                                                                                							_push(__esp + 0x44);
                                                                                                                                							_push(2);
                                                                                                                                							_pop(__eax);
                                                                                                                                							__eax = __esp + 0x1c;
                                                                                                                                							__eax = ReadFile(__ecx, __esp + 0x1c, __eax, ??, ??);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax == 0) {
                                                                                                                                								goto L346;
                                                                                                                                							}
                                                                                                                                							__ecx =  *(__esp + 0x40);
                                                                                                                                							 *(__esp + 0x1c) = __ecx;
                                                                                                                                							__eflags = __ecx;
                                                                                                                                							if(__ecx == 0) {
                                                                                                                                								goto L346;
                                                                                                                                							}
                                                                                                                                							__eax =  *(__esp + 0x10) & 0x000000ff;
                                                                                                                                							 *(__esp + 0x20) =  *(__esp + 0x10) & 0x000000ff;
                                                                                                                                							__eflags =  *(__esp + 0x34) - __ebx;
                                                                                                                                							if( *(__esp + 0x34) != __ebx) {
                                                                                                                                								goto L352;
                                                                                                                                							}
                                                                                                                                							__esp + 0x24 = __esp + 0x1c;
                                                                                                                                							__eax = MultiByteToWideChar(__ebx, 8, __esp + 0x1c, __ecx, __esp + 0x24, __edi);
                                                                                                                                							__eflags = __eax;
                                                                                                                                							if(__eax != 0) {
                                                                                                                                								goto L340;
                                                                                                                                							}
                                                                                                                                							__ecx =  *(__esp + 0x1c);
                                                                                                                                							__edx = __ecx;
                                                                                                                                							__edx =  ~__ecx;
                                                                                                                                							while(1) {
                                                                                                                                								_t376 = __esp + 0x40;
                                                                                                                                								 *_t376 =  *(__esp + 0x40) - 1;
                                                                                                                                								__eflags =  *_t376;
                                                                                                                                								__eax = 0xfffd;
                                                                                                                                								 *(__esp + 0x20) = 0xfffd;
                                                                                                                                								if( *_t376 == 0) {
                                                                                                                                									goto L341;
                                                                                                                                								}
                                                                                                                                								__ecx = __ecx - 1;
                                                                                                                                								__edx =  &(__edx->i);
                                                                                                                                								 *(__esp + 0x2c) = __ecx;
                                                                                                                                								 *(__esp + 0x64) = __edx;
                                                                                                                                								SetFilePointer( *(__esp + 0x24), __edx, __ebx, __edi) = __esp + 0x24;
                                                                                                                                								__eax = __esp + 0x1c;
                                                                                                                                								__eax = MultiByteToWideChar(__ebx, 8, __esp + 0x1c,  *(__esp + 0x48), __esp + 0x24, __edi);
                                                                                                                                								__ecx =  *(__esp + 0x1c);
                                                                                                                                								__edx =  *(__esp + 0x54);
                                                                                                                                								__eflags = __eax;
                                                                                                                                								if(__eax == 0) {
                                                                                                                                									continue;
                                                                                                                                								}
                                                                                                                                								goto L340;
                                                                                                                                							}
                                                                                                                                							goto L341;
                                                                                                                                							L345:
                                                                                                                                							__ecx =  *(__esp + 0x18);
                                                                                                                                							__eflags = __ebp -  *(__esp + 0x48);
                                                                                                                                						} while (__ebp <  *(__esp + 0x48));
                                                                                                                                						goto L346;
                                                                                                                                					case 0x37:
                                                                                                                                						__eflags =  *__ebp - __bx;
                                                                                                                                						if( *__ebp == __bx) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__eax = E004032D6(2);
                                                                                                                                						__eax = E00407183(__ebp);
                                                                                                                                						__eax = SetFilePointer(__eax, __eax, 0,  *(__esp + 0x34));
                                                                                                                                						__eflags =  *(__esp + 0x2c);
                                                                                                                                						if( *(__esp + 0x2c) < 0) {
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						goto L355;
                                                                                                                                					case 0x38:
                                                                                                                                						__eax = E00407183(__ebp);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							__eax = FindClose(__eax);
                                                                                                                                						}
                                                                                                                                						goto L404;
                                                                                                                                					case 0x39:
                                                                                                                                						__eax = E00407183(__esi);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							L72:
                                                                                                                                							0 = 1;
                                                                                                                                							__ecx = 0;
                                                                                                                                							 *__ebp = __cx;
                                                                                                                                							goto L405;
                                                                                                                                						}
                                                                                                                                						__ecx = __esp + 0x194;
                                                                                                                                						__eax = FindNextFileW(__eax, __esp + 0x194);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							goto L72;
                                                                                                                                						}
                                                                                                                                						goto L360;
                                                                                                                                					case 0x3a:
                                                                                                                                						__eax = E00403312(__edx, 2);
                                                                                                                                						__ecx = __esp + 0x194;
                                                                                                                                						__eax = FindFirstFileW(__eax, __esp + 0x194);
                                                                                                                                						__eflags = __eax - 0xffffffff;
                                                                                                                                						if(__eax != 0xffffffff) {
                                                                                                                                							__eax = E00406A5B(__esi, __eax);
                                                                                                                                							L360:
                                                                                                                                							__eax = __esp + 0x1c0;
                                                                                                                                							_push(__esp + 0x1c0);
                                                                                                                                							_push(__ebp);
                                                                                                                                							goto L170;
                                                                                                                                						}
                                                                                                                                						__eax = 0;
                                                                                                                                						 *__esi = __ax;
                                                                                                                                						L310:
                                                                                                                                						__eax = 0;
                                                                                                                                						 *__ebp = __ax;
                                                                                                                                						goto L30;
                                                                                                                                					case 0x3b:
                                                                                                                                						__esi = 0xfffffd66;
                                                                                                                                						__ebp = E00403312(__edx, 0xfffffff0);
                                                                                                                                						 *(__esp + 0x58) = __ebp;
                                                                                                                                						__eax = E0040730E(__ebp);
                                                                                                                                						__eflags = __eax;
                                                                                                                                						if(__eax == 0) {
                                                                                                                                							__eax = E00403312(__edx, 0xffffffed);
                                                                                                                                						}
                                                                                                                                						__eax = E004070FB(__ebp);
                                                                                                                                						0 = E00406E83(__ebp, 0x40000000, 2);
                                                                                                                                						 *(__esp + 0x90) = __edi;
                                                                                                                                						__eflags = __edi - 0xffffffff;
                                                                                                                                						if(__edi == 0xffffffff) {
                                                                                                                                							L377:
                                                                                                                                							_push(__ebp);
                                                                                                                                							__eax = E00406AF2(L"created uninstaller: %d, \"%s\"", __esi);
                                                                                                                                							_push(0xfffffff3);
                                                                                                                                							_pop(__edi);
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi < 0) {
                                                                                                                                								_push(0xffffffef);
                                                                                                                                								_pop(__edi);
                                                                                                                                								__eax = DeleteFileW(__ebp);
                                                                                                                                								 *(__esp + 0x10) = 1;
                                                                                                                                							}
                                                                                                                                							__eax = E004033F1(__edi);
                                                                                                                                							goto L404;
                                                                                                                                						} else {
                                                                                                                                							__eax =  *0x47e228;
                                                                                                                                							 *(__esp + 0x1c) = __eax;
                                                                                                                                							__esi = __eax;
                                                                                                                                							 *(__esp + 0x48) = __esi;
                                                                                                                                							__eflags = __esi;
                                                                                                                                							if(__esi == 0) {
                                                                                                                                								__esi = 0xfffffd66;
                                                                                                                                								L376:
                                                                                                                                								__eax = CloseHandle(__edi);
                                                                                                                                								goto L377;
                                                                                                                                							}
                                                                                                                                							E00403418(__ebx) = E00403402(__esi,  *(__esp + 0x14));
                                                                                                                                							0 = GlobalAlloc(0x40,  *(__esp + 0x30));
                                                                                                                                							 *(__esp + 0x4c) = __edi;
                                                                                                                                							__eflags = __edi;
                                                                                                                                							if(__edi == 0) {
                                                                                                                                								L374:
                                                                                                                                								__edi =  *(__esp + 0x94);
                                                                                                                                								E00406F77(__ecx, __edi, __esi,  *(__esp + 0x14)) = GlobalFree(__esi);
                                                                                                                                								__esi = E0040342F(0xffffffff, __edi, __ebx, __ebx);
                                                                                                                                								goto L376;
                                                                                                                                							}
                                                                                                                                							__eax = E0040342F( *(__esp + 0x38), __ebx, __edi,  *(__esp + 0x30));
                                                                                                                                							__eflags =  *__edi - __bl;
                                                                                                                                							if( *__edi == __bl) {
                                                                                                                                								L373:
                                                                                                                                								__eax = GlobalFree( *(__esp + 0x4c));
                                                                                                                                								goto L374;
                                                                                                                                							}
                                                                                                                                							__ebp = __esi;
                                                                                                                                							do {
                                                                                                                                								__esi =  *__edi;
                                                                                                                                								__eax =  *(__edi + 4);
                                                                                                                                								__edi = __edi + 8;
                                                                                                                                								__eax = E00406BBE(__eax, 0, __esi);
                                                                                                                                								__edi = __edi + __esi;
                                                                                                                                								__eflags =  *__edi - __bl;
                                                                                                                                							} while ( *__edi != __bl);
                                                                                                                                							__ebp =  *(__esp + 0x54);
                                                                                                                                							__esi =  *(__esp + 0x48);
                                                                                                                                							goto L373;
                                                                                                                                						}
                                                                                                                                					case 0x3c:
                                                                                                                                						__eflags = __edi;
                                                                                                                                						if(__edi == 0) {
                                                                                                                                							_push(E00403312(__edx, 1));
                                                                                                                                							_push(L"%s");
                                                                                                                                							L58:
                                                                                                                                							__eax = E00406AF2();
                                                                                                                                							_pop(__ecx);
                                                                                                                                							L59:
                                                                                                                                							_pop(__ecx);
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						E00406AF2(L"settings logging to %d", __ecx) =  *(__esp + 0x34);
                                                                                                                                						 *0x46d1a0 =  *(__esp + 0x34);
                                                                                                                                						__eax = E00406AF2(L"logging set to %d",  *(__esp + 0x34));
                                                                                                                                						__eflags =  *(__esp + 0x2c);
                                                                                                                                						if( *(__esp + 0x2c) == 0) {
                                                                                                                                							__eax = E00406B24(1);
                                                                                                                                						} else {
                                                                                                                                							__eax = E00405A4C();
                                                                                                                                						}
                                                                                                                                						goto L404;
                                                                                                                                					case 0x3d:
                                                                                                                                						__eax = E004032D6(0);
                                                                                                                                						__ebx = __eax;
                                                                                                                                						__eflags = __ebx -  *0x47e24c;
                                                                                                                                						if(__ebx >=  *0x47e24c) {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						__ecx =  *(__esp + 0x30);
                                                                                                                                						__edi = __ebx * 0x4018;
                                                                                                                                						__edi = __ebx * 0x4018 +  *0x47e248;
                                                                                                                                						__eflags = __ecx;
                                                                                                                                						if(__eflags < 0) {
                                                                                                                                							__eax = __eax | 0xffffffff;
                                                                                                                                							__eax = __eax - __ecx;
                                                                                                                                							__eflags = __eax;
                                                                                                                                							 *(__esp + 0x30) = __eax;
                                                                                                                                							if(__eax == 0) {
                                                                                                                                								0x18 = E00406119(0x18,  *(__esp + 0x38));
                                                                                                                                								_t441 = __edi + 8;
                                                                                                                                								 *_t441 =  *(__edi + 8) | 0x00000100;
                                                                                                                                								__eflags =  *_t441;
                                                                                                                                								__ecx =  *(__esp + 0x2c);
                                                                                                                                							} else {
                                                                                                                                								__ecx = E004032D6(1);
                                                                                                                                								 *(__esp + 0x2c) = __ecx;
                                                                                                                                							}
                                                                                                                                							__eax =  *(__esp + 0x30);
                                                                                                                                							 *(__edi +  *(__esp + 0x30) * 4) = __ecx;
                                                                                                                                							__eflags =  *(__esp + 0x34);
                                                                                                                                							if( *(__esp + 0x34) != 0) {
                                                                                                                                								__eax = E0040122B(__ebx);
                                                                                                                                							}
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__eax =  *(__edi + __ecx * 4);
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							goto L355;
                                                                                                                                						}
                                                                                                                                						__eax = __edi + 0x18;
                                                                                                                                						_push(__edi + 0x18);
                                                                                                                                						_push(__esi);
                                                                                                                                						L170:
                                                                                                                                						__eax = E0040708C();
                                                                                                                                						goto L404;
                                                                                                                                					case 0x3e:
                                                                                                                                						0 = E004032D6(0);
                                                                                                                                						__eflags = __edi - 0x20;
                                                                                                                                						if(__edi >= 0x20) {
                                                                                                                                							L30:
                                                                                                                                							0 = 1;
                                                                                                                                							goto L405;
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x34);
                                                                                                                                						if( *(__esp + 0x34) == 0) {
                                                                                                                                							__eax =  *0x47e230;
                                                                                                                                							__eflags =  *(__esp + 0x30);
                                                                                                                                							if( *(__esp + 0x30) == 0) {
                                                                                                                                								__eax = E00406119(__esi,  *(__eax + 0x94 + __edi * 4));
                                                                                                                                							} else {
                                                                                                                                								__ecx =  *(__esp + 0x2c);
                                                                                                                                								 *(__eax + 0x94 + __edi * 4) =  *(__esp + 0x2c);
                                                                                                                                							}
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						__eflags =  *(__esp + 0x30);
                                                                                                                                						if( *(__esp + 0x30) == 0) {
                                                                                                                                							_push(0);
                                                                                                                                							__eax = E004011A0();
                                                                                                                                							L355:
                                                                                                                                							_push(__eax);
                                                                                                                                							_push(__esi);
                                                                                                                                							L21:
                                                                                                                                							__eax = E00406A5B();
                                                                                                                                							goto L404;
                                                                                                                                						}
                                                                                                                                						E0040129A(__edi) = E004012E7(0, 0);
                                                                                                                                						goto L404;
                                                                                                                                					case 0x3f:
                                                                                                                                						goto L404;
                                                                                                                                					case 0x40:
                                                                                                                                						 *0x441d40 =  *0x441d40 & 0;
                                                                                                                                						__eax = SendMessageW(__edx, 0xb,  *0x441d40 & 0, 0); // executed
                                                                                                                                						__eflags =  *(__esp + 0x28);
                                                                                                                                						if( *(__esp + 0x28) != 0) {
                                                                                                                                							 *(__esp + 0x1c) = InvalidateRect( *(__esp + 0x1c), 0, 0);
                                                                                                                                						}
                                                                                                                                						goto L404;
                                                                                                                                				}
                                                                                                                                			}










                                                                                                                                0x004015b0
                                                                                                                                0x004015b3
                                                                                                                                0x004015b3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004015c1
                                                                                                                                0x004015c1
                                                                                                                                0x004015ca
                                                                                                                                0x004015cf
                                                                                                                                0x004015d0
                                                                                                                                0x004015d1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004015e9
                                                                                                                                0x004015ee
                                                                                                                                0x004015ef
                                                                                                                                0x004015f0
                                                                                                                                0x004015f1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401605
                                                                                                                                0x0040160d
                                                                                                                                0x00401617
                                                                                                                                0x00401618
                                                                                                                                0x0040161a
                                                                                                                                0x0040161e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401629
                                                                                                                                0x0040162e
                                                                                                                                0x00401633
                                                                                                                                0x00401637
                                                                                                                                0x00401639
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004016ce
                                                                                                                                0x004016d3
                                                                                                                                0x004016d9
                                                                                                                                0x004016db
                                                                                                                                0x004016df
                                                                                                                                0x004016e1
                                                                                                                                0x004016e1
                                                                                                                                0x004016e5
                                                                                                                                0x004016ea
                                                                                                                                0x004016ec
                                                                                                                                0x004016f4
                                                                                                                                0x004016f4
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004016fd
                                                                                                                                0x00401702
                                                                                                                                0x00401706
                                                                                                                                0x0040170e
                                                                                                                                0x0040171b
                                                                                                                                0x00401721
                                                                                                                                0x00401723
                                                                                                                                0x00000000
                                                                                                                                0x00401729
                                                                                                                                0x00401729
                                                                                                                                0x00000000
                                                                                                                                0x00401729
                                                                                                                                0x00000000
                                                                                                                                0x0040173e
                                                                                                                                0x00401743
                                                                                                                                0x00401747
                                                                                                                                0x0040174f
                                                                                                                                0x0040175d
                                                                                                                                0x0040175f
                                                                                                                                0x00401761
                                                                                                                                0x004017f3
                                                                                                                                0x004017f3
                                                                                                                                0x004017f8
                                                                                                                                0x004017fd
                                                                                                                                0x0040183f
                                                                                                                                0x00000000
                                                                                                                                0x0040183f
                                                                                                                                0x004017ff
                                                                                                                                0x0040180c
                                                                                                                                0x00401812
                                                                                                                                0x00401818
                                                                                                                                0x0040181a
                                                                                                                                0x00000000
                                                                                                                                0x00401820
                                                                                                                                0x00401826
                                                                                                                                0x00401832
                                                                                                                                0x00401839
                                                                                                                                0x00000000
                                                                                                                                0x00401839
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401767
                                                                                                                                0x00401767
                                                                                                                                0x0040176f
                                                                                                                                0x00401771
                                                                                                                                0x00401773
                                                                                                                                0x00401776
                                                                                                                                0x00401779
                                                                                                                                0x0040177c
                                                                                                                                0x00401795
                                                                                                                                0x00401796
                                                                                                                                0x0040179b
                                                                                                                                0x0040179b
                                                                                                                                0x0040179d
                                                                                                                                0x004017dd
                                                                                                                                0x004017e2
                                                                                                                                0x004017e2
                                                                                                                                0x004017e3
                                                                                                                                0x00000000
                                                                                                                                0x004017e3
                                                                                                                                0x0040179f
                                                                                                                                0x004017a4
                                                                                                                                0x004017bc
                                                                                                                                0x004017c2
                                                                                                                                0x004017c4
                                                                                                                                0x00000000
                                                                                                                                0x004017c6
                                                                                                                                0x004017cc
                                                                                                                                0x004017d1
                                                                                                                                0x00000000
                                                                                                                                0x004017d1
                                                                                                                                0x004017a6
                                                                                                                                0x004017a6
                                                                                                                                0x004017ad
                                                                                                                                0x004017b5
                                                                                                                                0x00000000
                                                                                                                                0x004017b5
                                                                                                                                0x004017a4
                                                                                                                                0x0040177e
                                                                                                                                0x00401782
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401784
                                                                                                                                0x00401789
                                                                                                                                0x0040178b
                                                                                                                                0x00000000
                                                                                                                                0x0040178d
                                                                                                                                0x0040178e
                                                                                                                                0x00000000
                                                                                                                                0x0040178e
                                                                                                                                0x004017e4
                                                                                                                                0x004017e4
                                                                                                                                0x004017e7
                                                                                                                                0x004017ea
                                                                                                                                0x004017ea
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x0040184c
                                                                                                                                0x0040184f
                                                                                                                                0x00401854
                                                                                                                                0x00401856
                                                                                                                                0x00401858
                                                                                                                                0x00401867
                                                                                                                                0x00000000
                                                                                                                                0x0040186b
                                                                                                                                0x00401873
                                                                                                                                0x0040187d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401644
                                                                                                                                0x00401648
                                                                                                                                0x00401680
                                                                                                                                0x00401687
                                                                                                                                0x00000000
                                                                                                                                0x0040164a
                                                                                                                                0x0040164a
                                                                                                                                0x00401653
                                                                                                                                0x0040165f
                                                                                                                                0x00401661
                                                                                                                                0x00401665
                                                                                                                                0x00401666
                                                                                                                                0x00401667
                                                                                                                                0x0040166c
                                                                                                                                0x00000000
                                                                                                                                0x0040166c
                                                                                                                                0x00000000
                                                                                                                                0x00401693
                                                                                                                                0x00401697
                                                                                                                                0x00401699
                                                                                                                                0x0040169b
                                                                                                                                0x0040169c
                                                                                                                                0x004016a3
                                                                                                                                0x004016a5
                                                                                                                                0x004016ac
                                                                                                                                0x004016b3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004016bc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401897
                                                                                                                                0x004018a0
                                                                                                                                0x004018a7
                                                                                                                                0x004018af
                                                                                                                                0x004018b4
                                                                                                                                0x004018b5
                                                                                                                                0x004018b8
                                                                                                                                0x004018be
                                                                                                                                0x004018c0
                                                                                                                                0x004018ce
                                                                                                                                0x004018d3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401ccd
                                                                                                                                0x00401ccf
                                                                                                                                0x00401cd9
                                                                                                                                0x00401cd9
                                                                                                                                0x00401cdb
                                                                                                                                0x00401ce2
                                                                                                                                0x00401ce7
                                                                                                                                0x00401cec
                                                                                                                                0x00401cee
                                                                                                                                0x00401cf6
                                                                                                                                0x00401cf6
                                                                                                                                0x00401cf6
                                                                                                                                0x00401cf8
                                                                                                                                0x00401cfa
                                                                                                                                0x00401cfc
                                                                                                                                0x00401cff
                                                                                                                                0x00401d04
                                                                                                                                0x00401d0a
                                                                                                                                0x00401d0c
                                                                                                                                0x00401d0c
                                                                                                                                0x00000000
                                                                                                                                0x00401d04
                                                                                                                                0x00401cd1
                                                                                                                                0x00401cd1
                                                                                                                                0x00401cd3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401d1f
                                                                                                                                0x00401d26
                                                                                                                                0x00401d27
                                                                                                                                0x00401d28
                                                                                                                                0x00401d2c
                                                                                                                                0x00401d41
                                                                                                                                0x00401d2e
                                                                                                                                0x00401d2e
                                                                                                                                0x00401d2e
                                                                                                                                0x00401d34
                                                                                                                                0x00401d36
                                                                                                                                0x00000000
                                                                                                                                0x00401d3c
                                                                                                                                0x00000000
                                                                                                                                0x00401d3c
                                                                                                                                0x00000000
                                                                                                                                0x00401d49
                                                                                                                                0x00401d4b
                                                                                                                                0x00401d4b
                                                                                                                                0x00401d4d
                                                                                                                                0x00401d52
                                                                                                                                0x00401d57
                                                                                                                                0x00401d5b
                                                                                                                                0x00401d61
                                                                                                                                0x00401d63
                                                                                                                                0x00401d77
                                                                                                                                0x00401d77
                                                                                                                                0x00401d79
                                                                                                                                0x00401d7b
                                                                                                                                0x00000000
                                                                                                                                0x00401d65
                                                                                                                                0x00401d65
                                                                                                                                0x00401d69
                                                                                                                                0x00401d81
                                                                                                                                0x00401d81
                                                                                                                                0x00401d85
                                                                                                                                0x00401d85
                                                                                                                                0x00401d87
                                                                                                                                0x00000000
                                                                                                                                0x00401d87
                                                                                                                                0x00401d6d
                                                                                                                                0x00401d73
                                                                                                                                0x00401d75
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401d75
                                                                                                                                0x00000000
                                                                                                                                0x00401d93
                                                                                                                                0x00401d9f
                                                                                                                                0x00401da1
                                                                                                                                0x00401da8
                                                                                                                                0x00401daa
                                                                                                                                0x00401dc3
                                                                                                                                0x00401dc5
                                                                                                                                0x00401c53
                                                                                                                                0x00401c53
                                                                                                                                0x00000000
                                                                                                                                0x00401c53
                                                                                                                                0x00401dcb
                                                                                                                                0x00401885
                                                                                                                                0x00401885
                                                                                                                                0x00000000
                                                                                                                                0x00401885
                                                                                                                                0x00401dba
                                                                                                                                0x00401dba
                                                                                                                                0x00000000
                                                                                                                                0x00401dba
                                                                                                                                0x00401dac
                                                                                                                                0x00401dae
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401db4
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401dd3
                                                                                                                                0x00401dd5
                                                                                                                                0x00401dde
                                                                                                                                0x00401de7
                                                                                                                                0x00401de9
                                                                                                                                0x00401ded
                                                                                                                                0x00401df0
                                                                                                                                0x00401e64
                                                                                                                                0x00401e64
                                                                                                                                0x00000000
                                                                                                                                0x00401e64
                                                                                                                                0x00401df2
                                                                                                                                0x00000000
                                                                                                                                0x00401df9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401dfd
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e01
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e06
                                                                                                                                0x00401e08
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e0a
                                                                                                                                0x00401e0c
                                                                                                                                0x00401e0d
                                                                                                                                0x00401e0d
                                                                                                                                0x00401e0d
                                                                                                                                0x00401e0f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e22
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e26
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e2a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e2e
                                                                                                                                0x00401e30
                                                                                                                                0x00401e32
                                                                                                                                0x00401e35
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e39
                                                                                                                                0x00401e3b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e45
                                                                                                                                0x00401e47
                                                                                                                                0x00401e3d
                                                                                                                                0x00401e3d
                                                                                                                                0x00401e3f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e41
                                                                                                                                0x00401e41
                                                                                                                                0x00000000
                                                                                                                                0x00401e41
                                                                                                                                0x00401e49
                                                                                                                                0x00401e49
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e4d
                                                                                                                                0x00401e4f
                                                                                                                                0x00401e13
                                                                                                                                0x00401e13
                                                                                                                                0x00401e15
                                                                                                                                0x00401e15
                                                                                                                                0x00401e17
                                                                                                                                0x00401e19
                                                                                                                                0x00401e1c
                                                                                                                                0x00000000
                                                                                                                                0x00401e1c
                                                                                                                                0x00401e51
                                                                                                                                0x00401e53
                                                                                                                                0x00401e54
                                                                                                                                0x00401e54
                                                                                                                                0x00401e54
                                                                                                                                0x00401e56
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e5a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401e5e
                                                                                                                                0x00000000
                                                                                                                                0x00401733
                                                                                                                                0x004022a1
                                                                                                                                0x004022a6
                                                                                                                                0x004022ab
                                                                                                                                0x004022b0
                                                                                                                                0x004022b1
                                                                                                                                0x004022b2
                                                                                                                                0x004022b5
                                                                                                                                0x004022ba
                                                                                                                                0x004022bf
                                                                                                                                0x004022c1
                                                                                                                                0x004022cc
                                                                                                                                0x004022d2
                                                                                                                                0x004022d3
                                                                                                                                0x004022d5
                                                                                                                                0x004022d8
                                                                                                                                0x004022c3
                                                                                                                                0x004022c5
                                                                                                                                0x004022c5
                                                                                                                                0x004022c1
                                                                                                                                0x004022dc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004022f4
                                                                                                                                0x004022ff
                                                                                                                                0x00402301
                                                                                                                                0x00402303
                                                                                                                                0x00402316
                                                                                                                                0x00402318
                                                                                                                                0x0040231c
                                                                                                                                0x00000000
                                                                                                                                0x0040231c
                                                                                                                                0x00402309
                                                                                                                                0x0040230e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402326
                                                                                                                                0x0040232b
                                                                                                                                0x0040232f
                                                                                                                                0x00402333
                                                                                                                                0x00402334
                                                                                                                                0x00402337
                                                                                                                                0x0040233e
                                                                                                                                0x00402340
                                                                                                                                0x00402342
                                                                                                                                0x00402346
                                                                                                                                0x00402349
                                                                                                                                0x0040234a
                                                                                                                                0x0040234e
                                                                                                                                0x00402352
                                                                                                                                0x00402354
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402363
                                                                                                                                0x00402365
                                                                                                                                0x00402367
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402376
                                                                                                                                0x00402378
                                                                                                                                0x0040237d
                                                                                                                                0x0040237e
                                                                                                                                0x00402382
                                                                                                                                0x00402386
                                                                                                                                0x00402387
                                                                                                                                0x0040238b
                                                                                                                                0x0040238d
                                                                                                                                0x0040238f
                                                                                                                                0x00402391
                                                                                                                                0x00402395
                                                                                                                                0x00402396
                                                                                                                                0x0040239a
                                                                                                                                0x0040239b
                                                                                                                                0x004023a0
                                                                                                                                0x004023a1
                                                                                                                                0x004023a5
                                                                                                                                0x004023a7
                                                                                                                                0x004023b1
                                                                                                                                0x004023c1
                                                                                                                                0x004023c6
                                                                                                                                0x004023c6
                                                                                                                                0x004023a7
                                                                                                                                0x004023ca
                                                                                                                                0x00401f1d
                                                                                                                                0x00401f1d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004023d0
                                                                                                                                0x004023d2
                                                                                                                                0x004023d3
                                                                                                                                0x004023d7
                                                                                                                                0x004023dd
                                                                                                                                0x004024d6
                                                                                                                                0x004024db
                                                                                                                                0x004024e0
                                                                                                                                0x00000000
                                                                                                                                0x004024e0
                                                                                                                                0x004023eb
                                                                                                                                0x004023f2
                                                                                                                                0x004023f6
                                                                                                                                0x004023fa
                                                                                                                                0x00402409
                                                                                                                                0x0040240d
                                                                                                                                0x00402413
                                                                                                                                0x00402415
                                                                                                                                0x00402417
                                                                                                                                0x004024bf
                                                                                                                                0x004024c4
                                                                                                                                0x004024c5
                                                                                                                                0x00000000
                                                                                                                                0x004024c5
                                                                                                                                0x0040241d
                                                                                                                                0x00402427
                                                                                                                                0x00402429
                                                                                                                                0x0040242d
                                                                                                                                0x0040242f
                                                                                                                                0x00402474
                                                                                                                                0x0040247b
                                                                                                                                0x00402480
                                                                                                                                0x00402487
                                                                                                                                0x0040248f
                                                                                                                                0x0040248f
                                                                                                                                0x00402493
                                                                                                                                0x00402493
                                                                                                                                0x00402498
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x0040249f
                                                                                                                                0x004024a4
                                                                                                                                0x004024a6
                                                                                                                                0x004024ad
                                                                                                                                0x004024ad
                                                                                                                                0x00000000
                                                                                                                                0x004024a6
                                                                                                                                0x00402431
                                                                                                                                0x00402435
                                                                                                                                0x00402439
                                                                                                                                0x00402454
                                                                                                                                0x00402458
                                                                                                                                0x0040245d
                                                                                                                                0x00402462
                                                                                                                                0x00402467
                                                                                                                                0x0040246c
                                                                                                                                0x0040246d
                                                                                                                                0x0040246f
                                                                                                                                0x00000000
                                                                                                                                0x0040246f
                                                                                                                                0x0040243f
                                                                                                                                0x00402444
                                                                                                                                0x00402448
                                                                                                                                0x0040244a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x0040244c
                                                                                                                                0x0040244e
                                                                                                                                0x00000000
                                                                                                                                0x0040244e
                                                                                                                                0x004023fd
                                                                                                                                0x00402403
                                                                                                                                0x00402405
                                                                                                                                0x00402407
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004024f3
                                                                                                                                0x004024fe
                                                                                                                                0x00402509
                                                                                                                                0x00402512
                                                                                                                                0x00402516
                                                                                                                                0x0040251d
                                                                                                                                0x00402522
                                                                                                                                0x00402526
                                                                                                                                0x0040252c
                                                                                                                                0x00402530
                                                                                                                                0x00402532
                                                                                                                                0x00402534
                                                                                                                                0x00402537
                                                                                                                                0x0040253c
                                                                                                                                0x0040253f
                                                                                                                                0x00402543
                                                                                                                                0x00402549
                                                                                                                                0x0040254c
                                                                                                                                0x0040254f
                                                                                                                                0x00402553
                                                                                                                                0x00402557
                                                                                                                                0x0040255c
                                                                                                                                0x0040255e
                                                                                                                                0x00402562
                                                                                                                                0x00402562
                                                                                                                                0x00402567
                                                                                                                                0x0040256b
                                                                                                                                0x0040256c
                                                                                                                                0x0040256d
                                                                                                                                0x0040256e
                                                                                                                                0x00402572
                                                                                                                                0x0040257f
                                                                                                                                0x00402587
                                                                                                                                0x0040258b
                                                                                                                                0x0040258d
                                                                                                                                0x00402977
                                                                                                                                0x0040297c
                                                                                                                                0x00402983
                                                                                                                                0x0040298b
                                                                                                                                0x00402990
                                                                                                                                0x00402994
                                                                                                                                0x00402997
                                                                                                                                0x0040299a
                                                                                                                                0x004029a7
                                                                                                                                0x004029ac
                                                                                                                                0x004029ad
                                                                                                                                0x004029ae
                                                                                                                                0x004029b2
                                                                                                                                0x004029b9
                                                                                                                                0x004029be
                                                                                                                                0x004029bf
                                                                                                                                0x004029c4
                                                                                                                                0x004029c8
                                                                                                                                0x004029cf
                                                                                                                                0x004029d0
                                                                                                                                0x004029d4
                                                                                                                                0x004029d7
                                                                                                                                0x004029e1
                                                                                                                                0x004029e4
                                                                                                                                0x004029e9
                                                                                                                                0x004029ea
                                                                                                                                0x004029ec
                                                                                                                                0x004029ed
                                                                                                                                0x004029ed
                                                                                                                                0x004029f6
                                                                                                                                0x004029fb
                                                                                                                                0x004029fe
                                                                                                                                0x00402a07
                                                                                                                                0x00402a11
                                                                                                                                0x00402a17
                                                                                                                                0x00402a19
                                                                                                                                0x00402a21
                                                                                                                                0x00402a22
                                                                                                                                0x00402a29
                                                                                                                                0x00402a1b
                                                                                                                                0x00402a1b
                                                                                                                                0x00402a1b
                                                                                                                                0x00402a31
                                                                                                                                0x00000000
                                                                                                                                0x00402a31
                                                                                                                                0x00402916
                                                                                                                                0x0040291c
                                                                                                                                0x00402921
                                                                                                                                0x00402925
                                                                                                                                0x00402929
                                                                                                                                0x0040292a
                                                                                                                                0x0040292e
                                                                                                                                0x00402935
                                                                                                                                0x00402936
                                                                                                                                0x0040293a
                                                                                                                                0x0040293b
                                                                                                                                0x0040294f
                                                                                                                                0x00402954
                                                                                                                                0x00402959
                                                                                                                                0x0040295d
                                                                                                                                0x00000000
                                                                                                                                0x0040295d
                                                                                                                                0x0040293d
                                                                                                                                0x00402942
                                                                                                                                0x00402947
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402a59
                                                                                                                                0x00402a60
                                                                                                                                0x00402a62
                                                                                                                                0x00402a67
                                                                                                                                0x00402a69
                                                                                                                                0x00402a6d
                                                                                                                                0x00402a6f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402a75
                                                                                                                                0x00402a79
                                                                                                                                0x00402a83
                                                                                                                                0x00402a8b
                                                                                                                                0x00402a91
                                                                                                                                0x00402a93
                                                                                                                                0x00402a94
                                                                                                                                0x00402a96
                                                                                                                                0x00402ad7
                                                                                                                                0x00402ad7
                                                                                                                                0x00402ad7
                                                                                                                                0x00402ad9
                                                                                                                                0x00402add
                                                                                                                                0x00000000
                                                                                                                                0x00402add
                                                                                                                                0x00402a98
                                                                                                                                0x00402a9d
                                                                                                                                0x00402ac2
                                                                                                                                0x00402ac4
                                                                                                                                0x00402ac9
                                                                                                                                0x00402acc
                                                                                                                                0x00402ad0
                                                                                                                                0x00000000
                                                                                                                                0x00402ad0
                                                                                                                                0x00402a9f
                                                                                                                                0x00402aa3
                                                                                                                                0x00402aac
                                                                                                                                0x00402aac
                                                                                                                                0x00402ab0
                                                                                                                                0x00000000
                                                                                                                                0x00402ab0
                                                                                                                                0x00402aa5
                                                                                                                                0x00402aaa
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402af3
                                                                                                                                0x00402af5
                                                                                                                                0x00402afb
                                                                                                                                0x00402afd
                                                                                                                                0x00402b01
                                                                                                                                0x00402b05
                                                                                                                                0x00402b07
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402b0d
                                                                                                                                0x00402b12
                                                                                                                                0x00402b16
                                                                                                                                0x00402b1a
                                                                                                                                0x00402b2c
                                                                                                                                0x00402b34
                                                                                                                                0x00402b3a
                                                                                                                                0x00402b40
                                                                                                                                0x00402b41
                                                                                                                                0x00402b43
                                                                                                                                0x00402b46
                                                                                                                                0x00402b1c
                                                                                                                                0x00402b20
                                                                                                                                0x00402b20
                                                                                                                                0x00402ab4
                                                                                                                                0x00402ab4
                                                                                                                                0x00402ab6
                                                                                                                                0x00402ae1
                                                                                                                                0x00402ae1
                                                                                                                                0x00402a35
                                                                                                                                0x00402a35
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402b50
                                                                                                                                0x00402b55
                                                                                                                                0x00402b57
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402b5d
                                                                                                                                0x004022dd
                                                                                                                                0x004022dd
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402b65
                                                                                                                                0x00402b73
                                                                                                                                0x00402b78
                                                                                                                                0x00402b7b
                                                                                                                                0x00401c8d
                                                                                                                                0x00401c8d
                                                                                                                                0x004016c3
                                                                                                                                0x004016c3
                                                                                                                                0x00000000
                                                                                                                                0x004016c3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402b8c
                                                                                                                                0x00402b90
                                                                                                                                0x00402b92
                                                                                                                                0x00402b96
                                                                                                                                0x00402b99
                                                                                                                                0x00402b9d
                                                                                                                                0x00402ba2
                                                                                                                                0x00402ba5
                                                                                                                                0x00402ba7
                                                                                                                                0x00402ba8
                                                                                                                                0x00402bac
                                                                                                                                0x00402bae
                                                                                                                                0x00402bcf
                                                                                                                                0x00402bd2
                                                                                                                                0x00402bff
                                                                                                                                0x00402c05
                                                                                                                                0x00402c0c
                                                                                                                                0x00402bd4
                                                                                                                                0x00402bec
                                                                                                                                0x00402bf9
                                                                                                                                0x00402bf9
                                                                                                                                0x00402bb0
                                                                                                                                0x00402bb1
                                                                                                                                0x00402bb6
                                                                                                                                0x00402bbc
                                                                                                                                0x00402bbe
                                                                                                                                0x00402bc3
                                                                                                                                0x00402bc6
                                                                                                                                0x00402bc7
                                                                                                                                0x00402bcb
                                                                                                                                0x00402bcb
                                                                                                                                0x00402c0e
                                                                                                                                0x00402c12
                                                                                                                                0x00402c4b
                                                                                                                                0x00402ef2
                                                                                                                                0x00402ef6
                                                                                                                                0x00402ef6
                                                                                                                                0x00402efc
                                                                                                                                0x00402f0e
                                                                                                                                0x00402f10
                                                                                                                                0x00402f17
                                                                                                                                0x00402f1a
                                                                                                                                0x00402fd8
                                                                                                                                0x00402fd8
                                                                                                                                0x00402fdf
                                                                                                                                0x00402fe7
                                                                                                                                0x00402fe9
                                                                                                                                0x00402fea
                                                                                                                                0x00402fec
                                                                                                                                0x00402fee
                                                                                                                                0x00402ff0
                                                                                                                                0x00402ff2
                                                                                                                                0x00402ff8
                                                                                                                                0x00402ff8
                                                                                                                                0x00403001
                                                                                                                                0x00000000
                                                                                                                                0x00402f20
                                                                                                                                0x00402f20
                                                                                                                                0x00402f28
                                                                                                                                0x00402f32
                                                                                                                                0x00402f34
                                                                                                                                0x00402f38
                                                                                                                                0x00402f3a
                                                                                                                                0x00402fcc
                                                                                                                                0x00402fd1
                                                                                                                                0x00402fd2
                                                                                                                                0x00000000
                                                                                                                                0x00402fd2
                                                                                                                                0x00402f4b
                                                                                                                                0x00402f5c
                                                                                                                                0x00402f5e
                                                                                                                                0x00402f62
                                                                                                                                0x00402f64
                                                                                                                                0x00402fa5
                                                                                                                                0x00402fa9
                                                                                                                                0x00402fb8
                                                                                                                                0x00402fc8
                                                                                                                                0x00000000
                                                                                                                                0x00402fc8
                                                                                                                                0x00402f70
                                                                                                                                0x00402f75
                                                                                                                                0x00402f77
                                                                                                                                0x00402f9b
                                                                                                                                0x00402f9f
                                                                                                                                0x00000000
                                                                                                                                0x00402f9f
                                                                                                                                0x00402f79
                                                                                                                                0x00402f7b
                                                                                                                                0x00402f7b
                                                                                                                                0x00402f7d
                                                                                                                                0x00402f80
                                                                                                                                0x00402f88
                                                                                                                                0x00402f8d
                                                                                                                                0x00402f8f
                                                                                                                                0x00402f8f
                                                                                                                                0x00402f93
                                                                                                                                0x00402f97
                                                                                                                                0x00000000
                                                                                                                                0x00402f97
                                                                                                                                0x00000000
                                                                                                                                0x0040300b
                                                                                                                                0x0040300d
                                                                                                                                0x00403054
                                                                                                                                0x00403055
                                                                                                                                0x004018f8
                                                                                                                                0x004018f8
                                                                                                                                0x004018fd
                                                                                                                                0x004018fe
                                                                                                                                0x004018fe
                                                                                                                                0x00000000
                                                                                                                                0x004018fe
                                                                                                                                0x0040301a
                                                                                                                                0x00403024
                                                                                                                                0x00403029
                                                                                                                                0x00403031
                                                                                                                                0x00403035
                                                                                                                                0x00403043
                                                                                                                                0x00403037
                                                                                                                                0x00403037
                                                                                                                                0x00403037
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00403060
                                                                                                                                0x00403065
                                                                                                                                0x00403068
                                                                                                                                0x0040306e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00403074
                                                                                                                                0x00403078
                                                                                                                                0x0040307e
                                                                                                                                0x00403084
                                                                                                                                0x00403086
                                                                                                                                0x0040309b
                                                                                                                                0x0040309e
                                                                                                                                0x0040309e
                                                                                                                                0x004030a0
                                                                                                                                0x004030a4
                                                                                                                                0x004030be
                                                                                                                                0x004030c3
                                                                                                                                0x004030c3
                                                                                                                                0x004030c3
                                                                                                                                0x004030ca
                                                                                                                                0x004030a6
                                                                                                                                0x004030ae
                                                                                                                                0x004030b0
                                                                                                                                0x004030b0
                                                                                                                                0x004030ce
                                                                                                                                0x004030d2
                                                                                                                                0x004030d5
                                                                                                                                0x004030da
                                                                                                                                0x004030e1
                                                                                                                                0x004030e1
                                                                                                                                0x00000000
                                                                                                                                0x004030da
                                                                                                                                0x00403088
                                                                                                                                0x0040308b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00403091
                                                                                                                                0x00403094
                                                                                                                                0x00403095
                                                                                                                                0x00401ecf
                                                                                                                                0x00401ecf
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004030f1
                                                                                                                                0x004030f4
                                                                                                                                0x004030f7
                                                                                                                                0x00401734
                                                                                                                                0x00401736
                                                                                                                                0x00000000
                                                                                                                                0x00401736
                                                                                                                                0x004030fd
                                                                                                                                0x00403101
                                                                                                                                0x00403123
                                                                                                                                0x00403128
                                                                                                                                0x0040312c
                                                                                                                                0x00403143
                                                                                                                                0x0040312e
                                                                                                                                0x0040312e
                                                                                                                                0x00403132
                                                                                                                                0x00403132
                                                                                                                                0x00000000
                                                                                                                                0x0040312c
                                                                                                                                0x00403103
                                                                                                                                0x00403107
                                                                                                                                0x00403118
                                                                                                                                0x00403119
                                                                                                                                0x00402e56
                                                                                                                                0x00402e56
                                                                                                                                0x00402e57
                                                                                                                                0x004016c4
                                                                                                                                0x004016c4
                                                                                                                                0x00000000
                                                                                                                                0x004016c4
                                                                                                                                0x00403111
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00403150
                                                                                                                                0x00403156
                                                                                                                                0x0040315c
                                                                                                                                0x00403160
                                                                                                                                0x00403169
                                                                                                                                0x00403169
                                                                                                                                0x00000000
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • PostQuitMessage.USER32(?), ref: 004015B3
                                                                                                                                • Sleep.KERNEL32(00000001,?,?,?,7FFFFFFF), ref: 0040161E
                                                                                                                                • SetForegroundWindow.USER32(?), ref: 00401639
                                                                                                                                • ShowWindow.USER32(?), ref: 004016DF
                                                                                                                                • ShowWindow.USER32(?,00000001), ref: 004016F4
                                                                                                                                • SetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,?,000000F0), ref: 0040171B
                                                                                                                                • GetFileAttributesW.KERNEL32(00000000,00000000,00000000,0000005C,00000000,?,?,000000F0,?,?,?,?,?,000000F0), ref: 004017BC
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00000000,004D7000,00000000,000000E6,C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll), ref: 00401812
                                                                                                                                • GetLastError.KERNEL32 ref: 00401820
                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 004018B8
                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00002000,00000000,?,00000000,000000E3,C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll,?,?,?,?,?,?,?,00000000,0000005C), ref: 0040192A
                                                                                                                                • GetShortPathNameW.KERNEL32 ref: 00401977
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                • Associated: 00000010.00000002.454039772.0000000000400000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454059022.0000000000409000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454068548.000000000040C000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454075995.0000000000410000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454084525.0000000000414000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454092685.000000000041C000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454145060.0000000000459000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454156367.000000000046B000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454175861.0000000000487000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454190371.00000000004FF000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454206008.0000000000503000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454241414.0000000000563000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454282937.000000000062F000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWindow$AttributesNamePathShow$CurrentDirectoryErrorForegroundFullLastMessageMovePostQuitShortSleep
                                                                                                                                • String ID: Aborting: "%s"$BringToFront$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$DetailPrint: %s$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetCurrentDirectory(%s) failed (%d)$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$SetFlag: %d=%d$Sleep(%d)
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 81%
                                                                                                                                			E004051A0() {
                                                                                                                                				signed int _t45;
                                                                                                                                				signed int _t47;
                                                                                                                                				intOrPtr _t49;
                                                                                                                                				signed int _t60;
                                                                                                                                				int _t70;
                                                                                                                                				int _t88;
                                                                                                                                				struct HWND__* _t107;
                                                                                                                                				intOrPtr _t110;
                                                                                                                                				int _t112;
                                                                                                                                				int _t114;
                                                                                                                                				intOrPtr _t130;
                                                                                                                                				long _t134;
                                                                                                                                				signed int _t137;
                                                                                                                                				signed int _t138;
                                                                                                                                				signed int _t139;
                                                                                                                                				struct HWND__* _t140;
                                                                                                                                				struct HWND__* _t141;
                                                                                                                                				struct HWND__* _t142;
                                                                                                                                				int _t143;
                                                                                                                                				int _t152;
                                                                                                                                				void* _t153;
                                                                                                                                
                                                                                                                                				_t130 =  *((intOrPtr*)(_t153 + 0x1c));
                                                                                                                                				if(_t130 == 0x110 || _t130 == 0x408) {
                                                                                                                                					_t137 =  *(_t153 + 0x2c);
                                                                                                                                					_t141 =  *(_t153 + 0x24);
                                                                                                                                					 *0x451d48 = _t137;
                                                                                                                                					if(_t130 == 0x110) {
                                                                                                                                						 *0x47621c = _t141;
                                                                                                                                						 *0x451d54 = GetDlgItem(_t141, 1);
                                                                                                                                						_t107 = GetDlgItem(_t141, 2);
                                                                                                                                						_push(0xffffffff);
                                                                                                                                						_push(0x1c);
                                                                                                                                						 *0x451d58 = _t107;
                                                                                                                                						E004056FE(_t141);
                                                                                                                                						SetClassLongW(_t141, 0xfffffff2,  *0x4761f8); // executed
                                                                                                                                						_t110 = E004014E3(4);
                                                                                                                                						_t137 = 1;
                                                                                                                                						 *0x47620c = _t110;
                                                                                                                                						 *0x451d48 = 1;
                                                                                                                                					}
                                                                                                                                					_t45 =  *0x40c014; // 0x5
                                                                                                                                					_t134 = (_t45 << 6) +  *0x47e240;
                                                                                                                                					if(_t45 < 0) {
                                                                                                                                						L34:
                                                                                                                                						E004056CC(0x40b);
                                                                                                                                						while(1) {
                                                                                                                                							_t138 =  *0x40c014; // 0x5
                                                                                                                                							_t47 =  *0x451d48;
                                                                                                                                							_t139 = _t138 + _t47;
                                                                                                                                							_t134 = _t134 + (_t47 << 6);
                                                                                                                                							 *0x40c014 = _t139;
                                                                                                                                							_t49 =  *0x47e244;
                                                                                                                                							if(_t139 == _t49) {
                                                                                                                                								E004014E3(1);
                                                                                                                                								_t49 =  *0x47e244;
                                                                                                                                								_t139 =  *0x40c014; // 0x5
                                                                                                                                							}
                                                                                                                                							if( *0x47620c != 0 || _t139 >= _t49) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							 *(_t153 + 0x38) =  *(_t134 + 0x14);
                                                                                                                                							E00406119(0x4f7000,  *((intOrPtr*)(_t134 + 0x24)));
                                                                                                                                							_push( *((intOrPtr*)(_t134 + 0x20)));
                                                                                                                                							_push(0xfffffc19);
                                                                                                                                							E004056FE(_t141);
                                                                                                                                							_push( *((intOrPtr*)(_t134 + 0x1c)));
                                                                                                                                							_push(0xfffffc1b);
                                                                                                                                							E004056FE(_t141);
                                                                                                                                							_push( *((intOrPtr*)(_t134 + 0x28)));
                                                                                                                                							_push(0xfffffc1a);
                                                                                                                                							E004056FE(_t141);
                                                                                                                                							_t140 = GetDlgItem(_t141, 3);
                                                                                                                                							_t60 =  *(_t153 + 0x30);
                                                                                                                                							 *(_t153 + 0x2c) = _t140;
                                                                                                                                							if( *0x47e2ec != 0) {
                                                                                                                                								_t60 = _t60 & 0xfffffefd | 0x00000004;
                                                                                                                                								 *(_t153 + 0x30) = _t60;
                                                                                                                                							}
                                                                                                                                							ShowWindow(_t140, _t60 & 0x00000008); // executed
                                                                                                                                							EnableWindow( *(_t153 + 0x30),  *(_t153 + 0x30) & 0x00000100); // executed
                                                                                                                                							E00405687( *(_t153 + 0x30) & 0x00000002);
                                                                                                                                							_t70 =  *(_t153 + 0x30) & 0x00000004;
                                                                                                                                							 *(_t153 + 0x38) = _t70;
                                                                                                                                							EnableWindow( *0x451d58, _t70); // executed
                                                                                                                                							if( *(_t153 + 0x30) == 0) {
                                                                                                                                								_push(1);
                                                                                                                                							} else {
                                                                                                                                								_push(0);
                                                                                                                                							}
                                                                                                                                							EnableMenuItem(GetSystemMenu(_t141, 0), 0xf060, ??);
                                                                                                                                							SendMessageW( *(_t153 + 0x38), 0xf4, 0, 1);
                                                                                                                                							if( *0x47e2ec == 0) {
                                                                                                                                								_push( *0x451d54);
                                                                                                                                							} else {
                                                                                                                                								SendMessageW(_t141, 0x401, 2, 0);
                                                                                                                                								_push( *0x451d58);
                                                                                                                                							}
                                                                                                                                							E004056E7();
                                                                                                                                							E0040708C(0x441d48, E00405F78());
                                                                                                                                							E00406119( &(0x441d48[lstrlenW(0x441d48)]),  *((intOrPtr*)(_t134 + 0x18)));
                                                                                                                                							SetWindowTextW(_t141, 0x441d48); // executed
                                                                                                                                							_push(0);
                                                                                                                                							if(E004013AF( *((intOrPtr*)(_t134 + 8))) != 0 ||  *_t134 == 0) {
                                                                                                                                								continue;
                                                                                                                                							} else {
                                                                                                                                								if( *(_t134 + 4) != 5) {
                                                                                                                                									DestroyWindow( *0x4761fc); // executed
                                                                                                                                									 *0x451d4c = _t134;
                                                                                                                                									if( *_t134 <= 0) {
                                                                                                                                										L58:
                                                                                                                                										_t152 =  *0x4761fc;
                                                                                                                                										goto L59;
                                                                                                                                									}
                                                                                                                                									_t88 = CreateDialogParamW( *0x476218,  *_t134 +  *0x4761f4 & 0x0000ffff, _t141,  *(0x40c018 +  *(_t134 + 4) * 4), _t134); // executed
                                                                                                                                									_t152 = _t88;
                                                                                                                                									 *0x4761fc = _t152;
                                                                                                                                									if(_t152 == 0) {
                                                                                                                                										goto L59;
                                                                                                                                									}
                                                                                                                                									_push( *((intOrPtr*)(_t134 + 0x2c)));
                                                                                                                                									_push(6);
                                                                                                                                									E004056FE(_t152);
                                                                                                                                									GetWindowRect(GetDlgItem(_t141, 0x3fa), _t153 + 0x10);
                                                                                                                                									ScreenToClient(_t141, _t153 + 0x10);
                                                                                                                                									SetWindowPos( *0x4761fc, 0,  *(_t153 + 0x20),  *(_t153 + 0x20), 0, 0, 0x15);
                                                                                                                                									_push(0);
                                                                                                                                									E004013AF( *((intOrPtr*)(_t134 + 0xc)));
                                                                                                                                									if( *0x47620c != 0) {
                                                                                                                                										goto L63;
                                                                                                                                									}
                                                                                                                                									ShowWindow( *0x4761fc, 8); // executed
                                                                                                                                									E004056CC(0x405);
                                                                                                                                									_t152 =  *0x4761fc;
                                                                                                                                									goto L60;
                                                                                                                                								}
                                                                                                                                								if( *0x47e2ec != 0) {
                                                                                                                                									goto L63;
                                                                                                                                								}
                                                                                                                                								if( *0x47e2e0 != 0) {
                                                                                                                                									continue;
                                                                                                                                								}
                                                                                                                                								goto L63;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						DestroyWindow( *0x4761fc); // executed
                                                                                                                                						 *0x47621c = 0;
                                                                                                                                						EndDialog(_t141,  *0x441d44); // executed
                                                                                                                                						goto L58;
                                                                                                                                					} else {
                                                                                                                                						if(_t137 != 1) {
                                                                                                                                							L33:
                                                                                                                                							if( *_t134 == 0) {
                                                                                                                                								goto L63;
                                                                                                                                							}
                                                                                                                                							goto L34;
                                                                                                                                						}
                                                                                                                                						_push(0);
                                                                                                                                						if(E004013AF( *((intOrPtr*)(_t134 + 0x10))) == 0) {
                                                                                                                                							goto L33;
                                                                                                                                						}
                                                                                                                                						SendMessageW( *0x4761fc, 0x40f, 0, 1);
                                                                                                                                						return 0 |  *0x47620c == 0x00000000;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					_t141 =  *(_t153 + 0x24);
                                                                                                                                					if(_t130 == 0x47) {
                                                                                                                                						SetWindowPos( *0x451d50, _t141, 0, 0, 0, 0, 0x13);
                                                                                                                                					}
                                                                                                                                					_t152 =  *(_t153 + 0x2c);
                                                                                                                                					if(_t130 == 5) {
                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                						ShowWindow( *0x451d50,  ~(_t152 - 1) & 0x00000005); // executed
                                                                                                                                					}
                                                                                                                                					if(_t130 != 0x40d) {
                                                                                                                                						if(_t130 != 0x11) {
                                                                                                                                							if(_t130 != 0x111) {
                                                                                                                                								L26:
                                                                                                                                								return E0040594C(_t130, _t152,  *(_t153 + 0x30));
                                                                                                                                							}
                                                                                                                                							_t112 = _t152 & 0x0000ffff;
                                                                                                                                							 *(_t153 + 0x34) = _t112;
                                                                                                                                							_t142 = GetDlgItem(_t141, _t112);
                                                                                                                                							if(_t142 == 0) {
                                                                                                                                								L13:
                                                                                                                                								_t114 =  *(_t153 + 0x2c);
                                                                                                                                								if(_t114 != 1) {
                                                                                                                                									if(_t114 != 3) {
                                                                                                                                										_t143 = 2;
                                                                                                                                										if(_t114 != _t143) {
                                                                                                                                											L25:
                                                                                                                                											SendMessageW( *0x4761fc, 0x111, _t152,  *(_t153 + 0x30));
                                                                                                                                											goto L26;
                                                                                                                                										}
                                                                                                                                										if( *0x47e2ec == 0) {
                                                                                                                                											if(E004014E3(3) != 0) {
                                                                                                                                												goto L26;
                                                                                                                                											}
                                                                                                                                											 *0x441d44 = 1;
                                                                                                                                											L23:
                                                                                                                                											_push(0x78);
                                                                                                                                											L24:
                                                                                                                                											E00405B7F();
                                                                                                                                											goto L26;
                                                                                                                                										}
                                                                                                                                										E004014E3(_t143);
                                                                                                                                										 *0x441d44 = _t143;
                                                                                                                                										goto L23;
                                                                                                                                									}
                                                                                                                                									if( *0x40c014 <= 0) {
                                                                                                                                										goto L25;
                                                                                                                                									}
                                                                                                                                									_push(0xffffffff);
                                                                                                                                									goto L24;
                                                                                                                                								}
                                                                                                                                								_push(1);
                                                                                                                                								goto L24;
                                                                                                                                							}
                                                                                                                                							SendMessageW(_t142, 0xf3, 0, 0);
                                                                                                                                							if(IsWindowEnabled(_t142) == 0) {
                                                                                                                                								goto L63;
                                                                                                                                							}
                                                                                                                                							goto L13;
                                                                                                                                						}
                                                                                                                                						SetWindowLongW(_t141, 0, 0);
                                                                                                                                						return 1;
                                                                                                                                					} else {
                                                                                                                                						DestroyWindow( *0x4761fc); // executed
                                                                                                                                						 *0x4761fc = _t152;
                                                                                                                                						L59:
                                                                                                                                						L60:
                                                                                                                                						if( *0x441d40 == 0 && _t152 != 0) {
                                                                                                                                							ShowWindow(_t141, 0xa); // executed
                                                                                                                                							 *0x441d40 = 1;
                                                                                                                                						}
                                                                                                                                						L63:
                                                                                                                                						return 0;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}
                                                                                                                                0x0040524b
                                                                                                                                0x00405255
                                                                                                                                0x00405259
                                                                                                                                0x00405278
                                                                                                                                0x00405278
                                                                                                                                0x00405281
                                                                                                                                0x00405289
                                                                                                                                0x0040529a
                                                                                                                                0x0040529d
                                                                                                                                0x004052d0
                                                                                                                                0x004052e0
                                                                                                                                0x00000000
                                                                                                                                0x004052e0
                                                                                                                                0x004052a6
                                                                                                                                0x004052bf
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004052c1
                                                                                                                                0x004052c7
                                                                                                                                0x004052c7
                                                                                                                                0x004052c9
                                                                                                                                0x004052c9
                                                                                                                                0x00000000
                                                                                                                                0x004052c9
                                                                                                                                0x004052a9
                                                                                                                                0x004052ae
                                                                                                                                0x00000000
                                                                                                                                0x004052ae
                                                                                                                                0x00405292
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00405294
                                                                                                                                0x00000000
                                                                                                                                0x00405294
                                                                                                                                0x00405283
                                                                                                                                0x00000000
                                                                                                                                0x00405283
                                                                                                                                0x00405263
                                                                                                                                0x00405272
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00405272
                                                                                                                                0x0040522c
                                                                                                                                0x00000000
                                                                                                                                0x0040520d
                                                                                                                                0x00405213
                                                                                                                                0x00405219
                                                                                                                                0x0040565a
                                                                                                                                0x00405660
                                                                                                                                0x00405667
                                                                                                                                0x00405670
                                                                                                                                0x00405675
                                                                                                                                0x00405675
                                                                                                                                0x0040567b
                                                                                                                                0x00000000
                                                                                                                                0x0040567b
                                                                                                                                0x0040520b

                                                                                                                                APIs
                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004051DF
                                                                                                                                • ShowWindow.USER32(?), ref: 004051FF
                                                                                                                                • DestroyWindow.USER32 ref: 00405213
                                                                                                                                • SetWindowLongW.USER32 ref: 0040522C
                                                                                                                                • GetDlgItem.USER32 ref: 0040524F
                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405263
                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 0040526A
                                                                                                                                • GetDlgItem.USER32 ref: 00405316
                                                                                                                                • GetDlgItem.USER32 ref: 00405320
                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 0040533A
                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405388
                                                                                                                                • GetDlgItem.USER32 ref: 00405437
                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00405460
                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405474
                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405499
                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004054B0
                                                                                                                                • EnableMenuItem.USER32 ref: 004054B7
                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004054C8
                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004054DF
                                                                                                                                • lstrlenW.KERNEL32(00441D48,?,00441D48,00000000), ref: 00405510
                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00405670
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Item$MessageSend$CallbackDispatcherShowUser$Menu$DestroyEnableEnabledLongSystemlstrlen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2449035543-0
                                                                                                                                • Opcode ID: d81640ed7d16115e669227a685dc53deb55cbe77b40d776618b88749d9fbbb1e
                                                                                                                                • Instruction ID: 8378470658c17b813503627698af1832834c9b14e95378ca3b7093faf3db4e58
                                                                                                                                • Opcode Fuzzy Hash: d81640ed7d16115e669227a685dc53deb55cbe77b40d776618b88749d9fbbb1e
                                                                                                                                • Instruction Fuzzy Hash: F5C1FE70500600BBDB21AF61ED89E6B3BA8FB45345F40097EF909B51B2C73A9880DF6D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph
[Figure: control-flow graph of function 00405C70; legend: Executed / Not Executed]
                                                                                                                                C-Code - Quality: 96%
                                                                                                                                			E00405C70() {
                                                                                                                                				intOrPtr _v4;
                                                                                                                                				intOrPtr _v8;
                                                                                                                                				int _v12;
                                                                                                                                				void _v16;
                                                                                                                                				intOrPtr* _t23;
                                                                                                                                				short _t24;
                                                                                                                                				void* _t32;
                                                                                                                                				short _t34;
                                                                                                                                				void* _t37;
                                                                                                                                				short _t40;
                                                                                                                                				int _t41;
                                                                                                                                				int _t45;
                                                                                                                                				short _t67;
                                                                                                                                				WCHAR* _t70;
                                                                                                                                				signed char _t74;
                                                                                                                                				short _t82;
                                                                                                                                				void* _t83;
                                                                                                                                				void* _t85;
                                                                                                                                				signed int _t87;
                                                                                                                                				intOrPtr _t88;
                                                                                                                                				WCHAR* _t94;
                                                                                                                                
                                                                                                                                				_t88 =  *0x47e230;
                                                                                                                                				_t23 = E00406E4E(2);
                                                                                                                                				_t82 = 0x30;
                                                                                                                                				_t99 = _t23;
                                                                                                                                				if(_t23 == 0) {
                                                                                                                                					_t24 = 0x78;
                                                                                                                                					 *0x4df002 = _t24;
                                                                                                                                					 *0x4df000 = _t82;
                                                                                                                                					 *0x4df004 = 0;
                                                                                                                                					E00406EE1(_t82, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x441d48, 0);
                                                                                                                                					__eflags =  *0x441d48;
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						E00406EE1(_t82, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M0040A3AC, 0x441d48, 0);
                                                                                                                                					}
                                                                                                                                					lstrcatW(0x4df000, 0x441d48);
                                                                                                                                				} else {
                                                                                                                                					E00406A5B(0x4df000,  *_t23() & 0x0000ffff);
                                                                                                                                				}
                                                                                                                                				"QSUVWh"();
                                                                                                                                				 *0x47e2fc = 0x10000;
                                                                                                                                				 *0x47e2e0 =  *0x47e22c & 0x00000020;
                                                                                                                                				if(E00406A74(_t99, 0x4d3000) != 0) {
                                                                                                                                					L16:
                                                                                                                                					if(E00406A74(_t108, 0x4d3000) == 0) {
                                                                                                                                						E00406119(0x4d3000,  *((intOrPtr*)(_t88 + 0x118)));
                                                                                                                                					}
                                                                                                                                					if(( *0x47e22c & 0x00000010) != 0 &&  *0x47e224 == 0) {
                                                                                                                                						E00405A4C();
                                                                                                                                						 *0x46d1a0 = 1;
                                                                                                                                					}
                                                                                                                                					_t32 = LoadImageW( *0x476218, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                                					_t83 = _t32;
                                                                                                                                					 *0x4761f8 = _t83;
                                                                                                                                					if( *((intOrPtr*)(_t88 + 0x50)) == 0xffffffff) {
                                                                                                                                						L24:
                                                                                                                                						if(E004014E3(0) == 0) {
                                                                                                                                							"QSUVWh"();
                                                                                                                                							__eflags =  *0x47e300;
                                                                                                                                							if( *0x47e300 != 0) {
                                                                                                                                								_t34 = E00405A6D(_t33, 0);
                                                                                                                                								__eflags = _t34;
                                                                                                                                								if(_t34 == 0) {
                                                                                                                                									E004014E3(1);
                                                                                                                                									goto L36;
                                                                                                                                								}
                                                                                                                                								__eflags =  *0x47620c;
                                                                                                                                								if( *0x47620c == 0) {
                                                                                                                                									E004014E3(2);
                                                                                                                                								}
                                                                                                                                								goto L25;
                                                                                                                                							}
                                                                                                                                							ShowWindow( *0x451d50, 5); // executed
                                                                                                                                							_t40 = E0040643F("RichEd20"); // executed
                                                                                                                                							__eflags = _t40;
                                                                                                                                							if(_t40 == 0) {
                                                                                                                                								E0040643F("RichEd32");
                                                                                                                                							}
                                                                                                                                							_t41 = GetClassInfoW(0, L"RichEdit20W", 0x4761c0);
                                                                                                                                							__eflags = _t41;
                                                                                                                                							if(_t41 == 0) {
                                                                                                                                								GetClassInfoW(0, L"RichEdit", 0x4761c0);
                                                                                                                                								 *0x4761e4 = L"RichEdit20W";
                                                                                                                                								RegisterClassW(0x4761c0);
                                                                                                                                							}
                                                                                                                                							_t45 = DialogBoxParamW( *0x476218,  *0x4761f4 + 0x00000069 & 0x0000ffff, 0, E004051A0, 0); // executed
                                                                                                                                							E00403EF3(E004014E3(5), 1);
                                                                                                                                							return _t45;
                                                                                                                                						}
                                                                                                                                						L25:
                                                                                                                                						_t37 = 2;
                                                                                                                                						return _t37;
                                                                                                                                					} else {
                                                                                                                                						 *0x4761c4 = E00401000;
                                                                                                                                						 *0x4761d0 =  *0x476218;
                                                                                                                                						 *0x4761d4 = _t83;
                                                                                                                                						 *0x4761e4 = L"_Nb";
                                                                                                                                						if(RegisterClassW(0x4761c0) == 0) {
                                                                                                                                							L36:
                                                                                                                                							__eflags = 0;
                                                                                                                                							return 0;
                                                                                                                                						}
                                                                                                                                						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                                                                                                						 *0x451d50 = CreateWindowExW(0x80, L"_Nb", 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x476218, 0);
                                                                                                                                						goto L24;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					_t87 =  *(_t88 + 0x48);
                                                                                                                                					_t101 = _t87;
                                                                                                                                					if(_t87 == 0) {
                                                                                                                                						goto L16;
                                                                                                                                					}
                                                                                                                                					_t84 =  *0x47e258;
                                                                                                                                					_t94 = 0x46e1c0;
                                                                                                                                					E00406EE1( *0x47e258, _t101,  *((intOrPtr*)(_t88 + 0x44)),  *0x47e258 + _t87 * 2, _t84 +  *(_t88 + 0x4c) * 2, 0x46e1c0, 0);
                                                                                                                                					_t67 =  *0x46e1c0; // 0x44
                                                                                                                                					if(_t67 == 0) {
                                                                                                                                						goto L16;
                                                                                                                                					}
                                                                                                                                					_t85 = 0x22;
                                                                                                                                					if(_t67 == _t85) {
                                                                                                                                						_t94 = 0x46e1c2;
                                                                                                                                						 *((short*)(E00406A3C(0x46e1c2, _t85))) = 0;
                                                                                                                                					}
                                                                                                                                					_t70 =  &(_t94[lstrlenW(_t94) + 0xfffffffc]);
                                                                                                                                					if(_t70 <= _t94 || lstrcmpiW(_t70, L".exe") != 0) {
                                                                                                                                						L15:
                                                                                                                                						E0040708C(0x4d3000, E0040699C(_t94));
                                                                                                                                						goto L16;
                                                                                                                                					} else {
                                                                                                                                						_t74 = GetFileAttributesW(_t94);
                                                                                                                                						if(_t74 == 0xffffffff) {
                                                                                                                                							L14:
                                                                                                                                							E00407225(_t94);
                                                                                                                                							goto L15;
                                                                                                                                						}
                                                                                                                                						_t108 = _t74 & 0x00000010;
                                                                                                                                						if((_t74 & 0x00000010) != 0) {
                                                                                                                                							goto L15;
                                                                                                                                						}
                                                                                                                                						goto L14;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}

























                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00406E4E: GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403A5A,0000000A), ref: 00406E5C
                                                                                                                                  • Part of subcall function 00406E4E: GetProcAddress.KERNEL32(00000000), ref: 00406E78
                                                                                                                                • lstrcatW.KERNEL32(004DF000,00441D48), ref: 00405CF3
                                                                                                                                • lstrlenW.KERNEL32(Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004D3000,004DF000,00441D48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00441D48,00000000,00000002,00000000), ref: 00405D77
                                                                                                                                • lstrcmpiW.KERNEL32(-000000FC,.exe,Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004D3000,004DF000,00441D48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00441D48,00000000), ref: 00405D8C
                                                                                                                                • GetFileAttributesW.KERNEL32(Delete on reboot: ), ref: 00405D97
                                                                                                                                  • Part of subcall function 00406A5B: wsprintfW.USER32 ref: 00406A68
                                                                                                                                • LoadImageW.USER32 ref: 00405DFE
                                                                                                                                • RegisterClassW.USER32 ref: 00405E42
                                                                                                                                • SystemParametersInfoW.USER32 ref: 00405E56
                                                                                                                                • CreateWindowExW.USER32 ref: 00405E8F
                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00405EC5
                                                                                                                                • GetClassInfoW.USER32 ref: 00405EF0
                                                                                                                                • GetClassInfoW.USER32 ref: 00405F01
                                                                                                                                • RegisterClassW.USER32 ref: 00405F12
                                                                                                                                • DialogBoxParamW.USER32 ref: 00405F2D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Delete on reboot: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                • API String ID: 1975747703-2967253400
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Control-flow graph of function 0040425A; legend: Executed / Not Executed]
                                                                                                                                C-Code - Quality: 86%
                                                                                                                                			E0040425A(struct HWND__* _a4, struct HWND__* _a8, unsigned int _a12) {
                                                                                                                                				intOrPtr _v0;
                                                                                                                                				intOrPtr _v4;
                                                                                                                                				WCHAR* _v8;
                                                                                                                                				signed int _v12;
                                                                                                                                				WCHAR* _v24;
                                                                                                                                				void _v28;
                                                                                                                                				struct HWND__* _v32;
                                                                                                                                				unsigned int _v36;
                                                                                                                                				union _ULARGE_INTEGER _v40;
                                                                                                                                				intOrPtr _v52;
                                                                                                                                				union _ULARGE_INTEGER _v60;
                                                                                                                                				long _v64;
                                                                                                                                				intOrPtr _v72;
                                                                                                                                				void* _v76;
                                                                                                                                				intOrPtr _v84;
                                                                                                                                				void* _v92;
                                                                                                                                				void* _v96;
                                                                                                                                				void* _v100;
                                                                                                                                				void* _v104;
                                                                                                                                				void* _v112;
                                                                                                                                				intOrPtr _t70;
                                                                                                                                				short* _t77;
                                                                                                                                				signed int _t97;
                                                                                                                                				int _t103;
                                                                                                                                				int _t106;
                                                                                                                                				unsigned int _t107;
                                                                                                                                				union _ULARGE_INTEGER* _t111;
                                                                                                                                				struct HWND__* _t133;
                                                                                                                                				intOrPtr _t141;
                                                                                                                                				WCHAR* _t142;
                                                                                                                                				intOrPtr _t143;
                                                                                                                                				void* _t146;
                                                                                                                                				signed int _t148;
                                                                                                                                				signed int _t149;
                                                                                                                                				void* _t155;
                                                                                                                                				signed int _t157;
                                                                                                                                				long _t165;
                                                                                                                                				struct HWND__* _t167;
                                                                                                                                				WCHAR* _t168;
                                                                                                                                				unsigned int _t169;
                                                                                                                                				void* _t170;
                                                                                                                                				void* _t171;
                                                                                                                                				int* _t173;
                                                                                                                                				unsigned int _t174;
                                                                                                                                				short* _t175;
                                                                                                                                				struct HWND__* _t177;
                                                                                                                                				void* _t178;
                                                                                                                                				unsigned int _t207;
                                                                                                                                
                                                                                                                                				_t178 =  &_v72;
                                                                                                                                				_t70 =  *0x451d4c;
                                                                                                                                				_t177 = _a4;
                                                                                                                                				_t141 =  *((intOrPtr*)(_t70 + 0x3c));
                                                                                                                                				asm("jecxz 0x10");
                                                                                                                                				_t167 = _a8;
                                                                                                                                				_t142 = _t141 + 0x47f000;
                                                                                                                                				_v52 = _t70;
                                                                                                                                				_v72 =  *((intOrPtr*)(_t70 + 0x38));
                                                                                                                                				if(_t167 != 0x40b) {
                                                                                                                                					L4:
                                                                                                                                					if(_t167 != 0x110) {
                                                                                                                                						L12:
                                                                                                                                						if(_t167 != 0x111) {
                                                                                                                                							L24:
                                                                                                                                							if(_t167 == 0x40f) {
                                                                                                                                								L26:
                                                                                                                                								_a4 = _a4 & 0x00000000;
                                                                                                                                								E00406FA8(0x3fb, _t142);
                                                                                                                                								E00406A74(_t196, _t142);
                                                                                                                                								_t168 = 0x455d68;
                                                                                                                                								_t155 = 1;
                                                                                                                                								_t145 =  ==  ? _t155 : 0;
                                                                                                                                								_v84 =  ==  ? _t155 : 0;
                                                                                                                                								E0040708C(0x455d68, _t142);
                                                                                                                                								if(E00406E4E(_t155) == 0) {
                                                                                                                                									L33:
                                                                                                                                									E0040708C(_t168, _t142);
                                                                                                                                									_t77 = E00407123(_t168);
                                                                                                                                									if(_t77 != 0) {
                                                                                                                                										 *_t77 = 0;
                                                                                                                                									}
                                                                                                                                									if(GetDiskFreeSpaceW(_t168,  &_v64,  &_v60, _t178 + 0x18, _t178 + 0x28) == 0) {
                                                                                                                                										_t169 = _v36;
                                                                                                                                										_t157 = _v40.LowPart;
                                                                                                                                										goto L40;
                                                                                                                                									} else {
                                                                                                                                										_t97 = MulDiv(_v64 * _v60.LowPart,  *(_t178 + 0x18), 0x400);
                                                                                                                                										asm("cdq");
                                                                                                                                										_t157 = _t97;
                                                                                                                                										_t169 = 0x300;
                                                                                                                                										L38:
                                                                                                                                										_v40.LowPart = _t157;
                                                                                                                                										_v36 = _t169;
                                                                                                                                										_a4 = 1;
                                                                                                                                										L40:
                                                                                                                                										_t146 = E00405A1D(5);
                                                                                                                                										if(_v0 == 0) {
                                                                                                                                											L45:
                                                                                                                                											_t143 = _v72;
                                                                                                                                											L46:
                                                                                                                                											if( *((intOrPtr*)( *0x476200 + 0x10)) != 0) {
                                                                                                                                												_push(0);
                                                                                                                                												E00405744(_t146, 0x3ff, 0xfffffffb, _t146);
                                                                                                                                												if(_v12 == 0) {
                                                                                                                                													SetDlgItemTextW(_t177, 0x400, 0x40a2c0);
                                                                                                                                												} else {
                                                                                                                                													_push(_v40.LowPart);
                                                                                                                                													E00405744(_t146, 0x400, 0xfffffffc,  *((intOrPtr*)(_t178 + 0x34)));
                                                                                                                                												}
                                                                                                                                											}
                                                                                                                                											 *0x47e304 = _t143;
                                                                                                                                											if(_t143 == 0) {
                                                                                                                                												_t143 = E004014E3(7);
                                                                                                                                											}
                                                                                                                                											_t170 = 0;
                                                                                                                                											_t171 =  ==  ? _t143 : _t170;
                                                                                                                                											E00405687(0 | _t171 == 0x00000000);
                                                                                                                                											if(_t171 == 0 &&  *0x451d60 == 0) {
                                                                                                                                												E00405720();
                                                                                                                                											}
                                                                                                                                											 *0x451d60 = 0;
                                                                                                                                											goto L56;
                                                                                                                                										}
                                                                                                                                										_t207 = _t169;
                                                                                                                                										if(_t207 > 0 || _t207 >= 0 && _t157 >= _t146) {
                                                                                                                                											goto L45;
                                                                                                                                										} else {
                                                                                                                                											_t143 = 2;
                                                                                                                                											goto L46;
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								_t173 = 0;
                                                                                                                                								while(1) {
                                                                                                                                									_t103 = GetDiskFreeSpaceExW(0x455d68,  &_v40,  &_v60, _t178 + 0x28); // executed
                                                                                                                                									if(_t103 != 0) {
                                                                                                                                										break;
                                                                                                                                									}
                                                                                                                                									if(_t173 != 0) {
                                                                                                                                										 *_t173 = _t103;
                                                                                                                                									}
                                                                                                                                									_t175 = E00407225(0x455d68);
                                                                                                                                									 *_t175 = 0;
                                                                                                                                									_t173 = _t175 - 2;
                                                                                                                                									_t106 = 0x5c;
                                                                                                                                									 *_t173 = _t106;
                                                                                                                                									if(_t173 != 0x455d68) {
                                                                                                                                										continue;
                                                                                                                                									} else {
                                                                                                                                										_t168 = 0x455d68;
                                                                                                                                										goto L33;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								_t174 = _v36;
                                                                                                                                								_t157 = (_t174 << 0x00000020 | _v40.LowPart) >> 0xa;
                                                                                                                                								_t169 = _t174 >> 0xa;
                                                                                                                                								__eflags = _t169;
                                                                                                                                								goto L38;
                                                                                                                                							}
                                                                                                                                							_t196 = _t167 - 0x405;
                                                                                                                                							if(_t167 != 0x405) {
                                                                                                                                								goto L56;
                                                                                                                                							}
                                                                                                                                							goto L26;
                                                                                                                                						}
                                                                                                                                						_t107 = _a12;
                                                                                                                                						_t148 = _t107 & 0x0000ffff;
                                                                                                                                						if(_t148 != 0x3fb) {
                                                                                                                                							L16:
                                                                                                                                							if(_t148 == 0x3e9) {
                                                                                                                                								_t149 = 7;
                                                                                                                                								memset( &_v28, 0, _t149 << 2);
                                                                                                                                								_t178 = _t178 + 0xc;
                                                                                                                                								_v32 = _t177;
                                                                                                                                								_v24 = 0x441d48;
                                                                                                                                								_v12 = E0040513A;
                                                                                                                                								_v8 = _t142;
                                                                                                                                								_v28 = E00406119(0x451d68, _v72);
                                                                                                                                								_t111 =  &_v40;
                                                                                                                                								_v24 = 0x41;
                                                                                                                                								__imp__SHBrowseForFolderW(_t111);
                                                                                                                                								if(_t111 == 0) {
                                                                                                                                									_t167 = 0x40f;
                                                                                                                                									_a4 = 0x40f;
                                                                                                                                								} else {
                                                                                                                                									__imp__CoTaskMemFree(_t111);
                                                                                                                                									E0040699C(_t142);
                                                                                                                                									_t114 =  *((intOrPtr*)( *0x47e230 + 0x11c));
                                                                                                                                									if( *((intOrPtr*)( *0x47e230 + 0x11c)) != 0 && _t142 == 0x4d3000) {
                                                                                                                                										E00406119(0, _t114);
                                                                                                                                										if(lstrcmpiW(0x46e1c0, 0x441d48) != 0) {
                                                                                                                                											lstrcatW(_t142, 0x46e1c0);
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									 *0x451d60 =  *0x451d60 + 1;
                                                                                                                                									SetDlgItemTextW(_t177, 0x3fb, _t142);
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							goto L24;
                                                                                                                                						}
                                                                                                                                						if(_t107 >> 0x10 != 0x300) {
                                                                                                                                							goto L56;
                                                                                                                                						}
                                                                                                                                						_t167 = _t148 + 0x14;
                                                                                                                                						_a8 = _t167;
                                                                                                                                						goto L16;
                                                                                                                                					}
                                                                                                                                					_a4 = GetDlgItem(_t177, 0x3fb);
                                                                                                                                					if((0x00008000 & GetAsyncKeyState(0x10)) != 0) {
                                                                                                                                						_t133 = GetDlgItem(_t177, 0x3f0);
                                                                                                                                						_push(0xffffffe0);
                                                                                                                                						_push(8);
                                                                                                                                						E004056FE(_t177);
                                                                                                                                						ShowWindow(_t133, 8);
                                                                                                                                						_t167 = _v4;
                                                                                                                                					}
                                                                                                                                					if(E0040730E(_t142) != 0 && E00407123(_t142) == 0) {
                                                                                                                                						E0040699C(_t142);
                                                                                                                                					}
                                                                                                                                					_t165 = _a4;
                                                                                                                                					 *0x4761fc = _t177;
                                                                                                                                					SetWindowTextW(_t165, _t142);
                                                                                                                                					_push( *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x68)) + 0x34)));
                                                                                                                                					_push(1);
                                                                                                                                					E004056FE(_t177);
                                                                                                                                					_push( *((intOrPtr*)(_a4 + 0x30)));
                                                                                                                                					_push(0x14);
                                                                                                                                					E004056FE(_t177);
                                                                                                                                					E004056E7(_t165);
                                                                                                                                					if(E00406E4E(7) == 0) {
                                                                                                                                						goto L56;
                                                                                                                                					} else {
                                                                                                                                						SHAutoComplete(_t165, 1); // executed
                                                                                                                                						goto L12;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					E00406FA8(0x3fb, _t142);
                                                                                                                                					E00407252(_t142);
                                                                                                                                					E00405A4C();
                                                                                                                                					if(GetDlgItem(_t177, 0x3f0) == 0) {
                                                                                                                                						L56:
                                                                                                                                						return E0040594C(_a8, _a12,  *((intOrPtr*)(_t178 + 0x68)));
                                                                                                                                					} else {
                                                                                                                                						 *0x46d1a0 = IsDlgButtonChecked(_t177, 0x3f0);
                                                                                                                                						goto L4;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}

                                                                                                                                0x004043ee
                                                                                                                                0x004043f3
                                                                                                                                0x004043fb
                                                                                                                                0x00404403
                                                                                                                                0x0040445d
                                                                                                                                0x00404462
                                                                                                                                0x00404405
                                                                                                                                0x00404406
                                                                                                                                0x0040440d
                                                                                                                                0x00404417
                                                                                                                                0x0040441f
                                                                                                                                0x0040442c
                                                                                                                                0x00404440
                                                                                                                                0x00404444
                                                                                                                                0x00404444
                                                                                                                                0x00404440
                                                                                                                                0x00404449
                                                                                                                                0x00404456
                                                                                                                                0x00404456
                                                                                                                                0x00404403
                                                                                                                                0x00000000
                                                                                                                                0x004043b2
                                                                                                                                0x0040439f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004043a5
                                                                                                                                0x004043a8
                                                                                                                                0x00000000
                                                                                                                                0x004043a8
                                                                                                                                0x004042e0
                                                                                                                                0x004042f2
                                                                                                                                0x004042fa
                                                                                                                                0x004042fc
                                                                                                                                0x004042fe
                                                                                                                                0x00404303
                                                                                                                                0x0040430b
                                                                                                                                0x00404311
                                                                                                                                0x00404311
                                                                                                                                0x0040431d
                                                                                                                                0x0040432a
                                                                                                                                0x0040432a
                                                                                                                                0x0040432f
                                                                                                                                0x00404335
                                                                                                                                0x0040433b
                                                                                                                                0x00404345
                                                                                                                                0x00404348
                                                                                                                                0x0040434b
                                                                                                                                0x00404354
                                                                                                                                0x00404357
                                                                                                                                0x0040435a
                                                                                                                                0x00404360
                                                                                                                                0x0040436e
                                                                                                                                0x00000000
                                                                                                                                0x00404374
                                                                                                                                0x00404377
                                                                                                                                0x00000000
                                                                                                                                0x00404377
                                                                                                                                0x00404293
                                                                                                                                0x00404299
                                                                                                                                0x0040429f
                                                                                                                                0x004042a4
                                                                                                                                0x004042b3
                                                                                                                                0x00404632
                                                                                                                                0x0040464a
                                                                                                                                0x004042b9
                                                                                                                                0x004042c5
                                                                                                                                0x00000000
                                                                                                                                0x004042c5
                                                                                                                                0x004042b3

                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32 ref: 004042AF
                                                                                                                                • IsDlgButtonChecked.USER32(?,000003F0), ref: 004042BF
                                                                                                                                • GetDlgItem.USER32 ref: 004042DC
                                                                                                                                • GetAsyncKeyState.USER32(00000010), ref: 004042E4
                                                                                                                                • GetDlgItem.USER32 ref: 004042FA
                                                                                                                                • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0,?,000003F0,?,000003FB), ref: 0040430B
                                                                                                                                • SetWindowTextW.USER32(?), ref: 0040433B
                                                                                                                                • SHAutoComplete.SHLWAPI(?,00000001,00000007,?,?,00000014,?,?,00000001,?,?,?,?,000003FB), ref: 00404377
                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 004043FB
                                                                                                                                • lstrcmpiW.KERNEL32(Delete on reboot: ,00441D48,00000000,?), ref: 00404438
                                                                                                                                • lstrcatW.KERNEL32(?,Delete on reboot: ), ref: 00404444
                                                                                                                                • SetDlgItemTextW.USER32 ref: 00404456
                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404406
                                                                                                                                  • Part of subcall function 00406FA8: GetDlgItemTextW.USER32(?,?,00002000,0040448A), ref: 00406FBB
                                                                                                                                  • Part of subcall function 00407252: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,004E3000,00000000,004E3000,00403EAC,004E3000,74B5FAA0,00403BCB), ref: 004072BB
                                                                                                                                  • Part of subcall function 00407252: CharNextW.USER32(?,?,?,00000000), ref: 004072CA
                                                                                                                                  • Part of subcall function 00407252: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,004E3000,00000000,004E3000,00403EAC,004E3000,74B5FAA0,00403BCB), ref: 004072CF
                                                                                                                                  • Part of subcall function 00407252: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,004E3000,00000000,004E3000,00403EAC,004E3000,74B5FAA0,00403BCB), ref: 004072E9
                                                                                                                                  • Part of subcall function 00405A4C: lstrcatW.KERNEL32(00000000,00000000), ref: 00405A67
                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(00455D68,?,?,?,00000001,00455D68,?,?,000003FB), ref: 004044CC
                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(00455D68,?,?,?,?,00455D68,00455D68,?,00000001,00455D68,?,?,000003FB), ref: 0040452F
                                                                                                                                • MulDiv.KERNEL32(?,?,00000400), ref: 0040454C
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Item$Char$FreeNextText$DiskSpaceWindowlstrcat$AsyncAutoBrowseButtonCheckedCompleteFolderPrevShowStateTasklstrcmpi
                                                                                                                                • String ID: A$Delete on reboot: $h]E$h]E$h]E
                                                                                                                                • API String ID: 4221108549-3367319730
                                                                                                                                • Opcode ID: 8d2dc80966249f858ad0d6de98207be47bb4f588584a0265ac93a3a647878039
                                                                                                                                • Instruction ID: c9630a7a070fc77616773ce775d00224f67a2aaa89ae8f8147909149b506bcd8
                                                                                                                                • Opcode Fuzzy Hash: 8d2dc80966249f858ad0d6de98207be47bb4f588584a0265ac93a3a647878039
                                                                                                                                • Instruction Fuzzy Hash: 9DA1AFB1944301ABD710AB658C41F6B76A8AFC4744F01493FFB85B72D2DB7CD8018B6A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 61%
                                                                                                                                			E004019CE(FILETIME* __ebx, void* _a4, signed int _a8, signed int _a16, void* _a24, signed int _a36) {
                                                                                                                                				void* _v4;
                                                                                                                                				void* _v8;
                                                                                                                                				void* _v12;
                                                                                                                                				void* _v16;
                                                                                                                                				void* _v20;
                                                                                                                                				void* _v28;
                                                                                                                                				void* _v36;
                                                                                                                                				void* _v44;
                                                                                                                                				signed int _t21;
                                                                                                                                				void* _t23;
                                                                                                                                				intOrPtr _t31;
                                                                                                                                				FILETIME* _t33;
                                                                                                                                				signed int _t38;
                                                                                                                                				FILETIME* _t39;
                                                                                                                                				FILETIME* _t56;
                                                                                                                                				FILETIME* _t63;
                                                                                                                                				FILETIME* _t64;
                                                                                                                                				FILETIME* _t66;
                                                                                                                                				signed int _t68;
                                                                                                                                				signed int _t78;
                                                                                                                                				void* _t80;
                                                                                                                                				WCHAR* _t83;
                                                                                                                                				signed int _t87;
                                                                                                                                				FILETIME* _t88;
                                                                                                                                				signed int _t94;
                                                                                                                                				WCHAR* _t95;
                                                                                                                                				void* _t97;
                                                                                                                                				void* _t98;
                                                                                                                                
                                                                                                                                				_t66 = __ebx;
                                                                                                                                				_t21 = E00403312(_t80, 0x31);
                                                                                                                                				_t68 = _a36;
                                                                                                                                				_t94 = _t21;
                                                                                                                                				_a16 = _t94;
                                                                                                                                				_t87 = _t68 & 0x00000007;
                                                                                                                                				_push(_t94);
                                                                                                                                				_push(_t68 >> 0x00000003 & 0x00000002);
                                                                                                                                				E00406AF2(L"File: overwriteflag=%d, allowskipfilesflag=%d, name=\"%s\"", _t87);
                                                                                                                                				_t98 = _t97 + 0x10;
                                                                                                                                				_t23 = E0040730E(_t94);
                                                                                                                                				_push(_t94);
                                                                                                                                				_t95 = L"Call";
                                                                                                                                				if(_t23 == 0) {
                                                                                                                                					lstrcatW(E0040699C(E0040708C(_t95, 0x4d7000)), ??);
                                                                                                                                				} else {
                                                                                                                                					E0040708C();
                                                                                                                                				}
                                                                                                                                				E00407252(_t95);
                                                                                                                                				__eflags = 1;
                                                                                                                                				while(1) {
                                                                                                                                					__eflags = _t87 - 3;
                                                                                                                                					if(_t87 >= 3) {
                                                                                                                                						_t63 = E00406A15(_t95);
                                                                                                                                						_t78 = _t66;
                                                                                                                                						__eflags = _t63;
                                                                                                                                						if(_t63 != 0) {
                                                                                                                                							_t64 = _t63 + 0x14;
                                                                                                                                							__eflags = _t64;
                                                                                                                                							_t78 = CompareFileTime(_t64, _t98 + 0x34);
                                                                                                                                						}
                                                                                                                                						asm("sbb esi, esi");
                                                                                                                                						_t87 =  ~((_t87 + 0xfffffffd | 0x80000000) & _t78) + 1;
                                                                                                                                						__eflags = _t87;
                                                                                                                                					}
                                                                                                                                					__eflags = _t87;
                                                                                                                                					if(_t87 == 0) {
                                                                                                                                						E004070FB(_t95);
                                                                                                                                					}
                                                                                                                                					__eflags = _t87 - 1;
                                                                                                                                					_t31 = E00406E83(_t95, 0x40000000, (0 | _t87 != 1) + 1);
                                                                                                                                					 *((intOrPtr*)(_t98 + 0x18)) = _t31;
                                                                                                                                					__eflags = _t31 - 0xffffffff;
                                                                                                                                					if(_t31 != 0xffffffff) {
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					__eflags = _t87;
                                                                                                                                					if(_t87 != 0) {
                                                                                                                                						E00405F97(0xffffffe2,  *(_t98 + 0x14));
                                                                                                                                						_push(_t87);
                                                                                                                                						E00406AF2(L"File: skipped: \"%s\" (overwriteflag=%d)", _t95);
                                                                                                                                						_t98 = _t98 + 0xc;
                                                                                                                                						__eflags = _t87 - 2;
                                                                                                                                						_t38 = 0 | __eflags == 0x00000000;
                                                                                                                                						L31:
                                                                                                                                						 *0x47e2e8 =  *0x47e2e8 + _t38;
                                                                                                                                						__eflags =  *0x47e2e8;
                                                                                                                                						goto L32;
                                                                                                                                					} else {
                                                                                                                                						E00406AF2(L"File: error creating \"%s\"", _t95);
                                                                                                                                						E0040708C("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp", 0x47f000);
                                                                                                                                						E0040708C(0x47f000, _t95);
                                                                                                                                						E00406119("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll",  *((intOrPtr*)(_t98 + 0x3c)));
                                                                                                                                						E0040708C(0x47f000, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp");
                                                                                                                                						_t56 = E0040701A("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll", _a8 >> 3) - 4;
                                                                                                                                						__eflags = _t56;
                                                                                                                                						if(_t56 != 0) {
                                                                                                                                							__eflags = _t56 == 1;
                                                                                                                                							if(_t56 == 1) {
                                                                                                                                								_push(L"File: error, user cancel");
                                                                                                                                								E00406AF2();
                                                                                                                                								 *0x47e2e8 =  &( *0x47e2e8->dwLowDateTime);
                                                                                                                                								L32:
                                                                                                                                								_t39 = 0;
                                                                                                                                								__eflags = 0;
                                                                                                                                							} else {
                                                                                                                                								_push(L"File: error, user abort");
                                                                                                                                								E00406AF2();
                                                                                                                                								_push(_t95);
                                                                                                                                								_push(0xfffffffa);
                                                                                                                                								E00405F97();
                                                                                                                                								L2:
                                                                                                                                								_t39 = 0x7fffffff;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							_push(L"File: error, user retry");
                                                                                                                                							E00406AF2();
                                                                                                                                							continue;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					L33:
                                                                                                                                					return _t39;
                                                                                                                                				}
                                                                                                                                				_t83 =  *(_t98 + 0x14);
                                                                                                                                				E00405F97(0xffffffea, _t83);
                                                                                                                                				 *0x47e314 =  *0x47e314 + 1;
                                                                                                                                				_t33 = E0040342F( *((intOrPtr*)(_t98 + 0x3c)), _a16, _t66, _t66);
                                                                                                                                				 *0x47e314 =  *0x47e314 - 1;
                                                                                                                                				_t88 = _t33;
                                                                                                                                				_push(_t95);
                                                                                                                                				E00406AF2(L"File: wrote %d to \"%s\"", _t88);
                                                                                                                                				_t98 = _t98 + 0xc;
                                                                                                                                				__eflags =  *(_t98 + 0x34) - 0xffffffff;
                                                                                                                                				if( *(_t98 + 0x34) != 0xffffffff) {
                                                                                                                                					L23:
                                                                                                                                					SetFileTime(_a24, _t98 + 0x34, _t66, _t98 + 0x34); // executed
                                                                                                                                				} else {
                                                                                                                                					__eflags =  *((intOrPtr*)(_t98 + 0x38)) - 0xffffffff;
                                                                                                                                					if( *((intOrPtr*)(_t98 + 0x38)) != 0xffffffff) {
                                                                                                                                						goto L23;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				FindCloseChangeNotification(_a24); // executed
                                                                                                                                				__eflags = _t88;
                                                                                                                                				if(_t88 >= 0) {
                                                                                                                                					_t38 = _a16;
                                                                                                                                					goto L31;
                                                                                                                                				} else {
                                                                                                                                					__eflags = _t88 - 0xfffffffe;
                                                                                                                                					if(_t88 != 0xfffffffe) {
                                                                                                                                						E00406119(_t95, 0xffffffee);
                                                                                                                                					} else {
                                                                                                                                						E00406119(_t95, 0xffffffe9);
                                                                                                                                						lstrcatW(_t95, _t83);
                                                                                                                                					}
                                                                                                                                					E00406AF2(L"%s", _t95);
                                                                                                                                					_push(0x200010);
                                                                                                                                					_push(_t95);
                                                                                                                                					E0040701A();
                                                                                                                                					goto L2;
                                                                                                                                				}
                                                                                                                                				goto L33;
                                                                                                                                			}
































                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 00401A24
                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,004D7000,00000000,00000000), ref: 00401A4C
                                                                                                                                  • Part of subcall function 0040708C: lstrcpynW.KERNEL32(?,?,00002000,00403ABD,00476220,NSIS Error), ref: 00407099
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CompareFileTimelstrcatlstrcpynlstrlenwvsprintf
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll$Call$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                • API String ID: 1045061362-1549740375
                                                                                                                                • Opcode ID: d56aee6afc0a2bfb4365de1dbe9fd2a2896bce10170f748604a8769ac8d54f9d
                                                                                                                                • Instruction ID: 205e0ae37c539be9bdd6e54697e7fe33e11d0dd9b8dac6eb4c3ac5e4a2d171f7
                                                                                                                                • Opcode Fuzzy Hash: d56aee6afc0a2bfb4365de1dbe9fd2a2896bce10170f748604a8769ac8d54f9d
                                                                                                                                • Instruction Fuzzy Hash: 47511832A082107AD2107BB68C06F2B355CDA81768B21473FFC96761E3E97CAD40857F
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 986 40289a-4028fd call 403312 * 2 call 40687e call 4032f7 call 406550 997 402a40-402a4f call 406af2 986->997 998 402903-402912 986->998 1008 40316f-403185 997->1008 1000 402962 998->1000 1001 402914-40293b call 403312 lstrlenW 998->1001 1002 402966-402969 1000->1002 1010 40293d-40294a call 406af2 1001->1010 1011 40294f-402960 call 406af2 1001->1011 1006 402997-40299a 1002->1006 1007 40296b-402994 call 4032d6 call 406af2 1002->1007 1013 40299c-4029fb call 40342f call 4067ff call 406af2 1006->1013 1014 4029fe-402a19 RegSetValueExW 1006->1014 1007->1006 1010->1014 1011->1002 1013->1014 1019 402a21-402a2e call 406af2 1014->1019 1020 402a1b-402a1f 1014->1020 1026 402a31-402a3b RegCloseKey 1019->1026 1020->1026 1026->1008
                                                                                                                                C-Code - Quality: 51%
                                                                                                                                			E0040289A(int __ebx, void* _a4, intOrPtr _a8, int _a16, void* _a20, void* _a24, int _a32, void* _a36, void* _a40, intOrPtr _a56, int _a60, int _a64, intOrPtr _a68, char _a76, void* _a104) {
                                                                                                                                				void* _v0;
                                                                                                                                				void* _v4;
                                                                                                                                				intOrPtr _v8;
                                                                                                                                				void* _v12;
                                                                                                                                				void* _v16;
                                                                                                                                				int _t47;
                                                                                                                                				intOrPtr _t49;
                                                                                                                                				long _t50;
                                                                                                                                				int _t53;
                                                                                                                                				char _t61;
                                                                                                                                				signed int _t64;
                                                                                                                                				int _t68;
                                                                                                                                				intOrPtr _t72;
                                                                                                                                				void* _t75;
                                                                                                                                				intOrPtr _t77;
                                                                                                                                				intOrPtr _t78;
                                                                                                                                				void* _t82;
                                                                                                                                				void* _t83;
                                                                                                                                				short* _t88;
                                                                                                                                				void* _t89;
                                                                                                                                				void* _t91;
                                                                                                                                
                                                                                                                                				_t68 = __ebx;
                                                                                                                                				_a68 = _a56;
                                                                                                                                				_a64 = _a60;
                                                                                                                                				_a24 = E00403312(_t75, 2);
                                                                                                                                				_t83 = E00403312(_t75, 0x11);
                                                                                                                                				_t85 = E0040687E(_t78);
                                                                                                                                				_a16 = _t42;
                                                                                                                                				_a8 = 1;
                                                                                                                                				E00406550(_t91, E004032F7(_a68), _t83, 0x100022,  &_a76); // executed
                                                                                                                                				_t72 =  !=  ? 0 : _a56;
                                                                                                                                				_v8 = _t72;
                                                                                                                                				if(_t72 == 0) {
                                                                                                                                					_push(_t83);
                                                                                                                                					E00406AF2(L"WriteReg: error creating key \"%s\\%s\"", _t85);
                                                                                                                                					_t89 = _t89 + 0xc;
                                                                                                                                				} else {
                                                                                                                                					_t49 = _a68;
                                                                                                                                					_a32 = __ebx;
                                                                                                                                					if(_t49 != 1) {
                                                                                                                                						_t82 = _a24;
                                                                                                                                						goto L6;
                                                                                                                                					} else {
                                                                                                                                						E00403312(0, 0x23);
                                                                                                                                						_t64 = lstrlenW(0x414108);
                                                                                                                                						_t82 = _a20;
                                                                                                                                						_push(0x414108);
                                                                                                                                						_push(_a24);
                                                                                                                                						_push(_t83);
                                                                                                                                						 *((intOrPtr*)(_t89 + 0x2c)) = 2 + _t64 * 2;
                                                                                                                                						_push(_t82);
                                                                                                                                						if(_a60 != 1) {
                                                                                                                                							_push(L"WriteRegExpandStr: \"%s\\%s\" \"%s\"=\"%s\"");
                                                                                                                                							E00406AF2();
                                                                                                                                							_t49 = _a68;
                                                                                                                                							_t89 = _t89 + 0x14;
                                                                                                                                							L6:
                                                                                                                                							__eflags = _t49 - 4;
                                                                                                                                							if(_t49 == 4) {
                                                                                                                                								_t61 = E004032D6(3);
                                                                                                                                								_push(_t61);
                                                                                                                                								_push( *((intOrPtr*)(_t89 + 0x24)));
                                                                                                                                								 *0x414108 = _t61;
                                                                                                                                								_push(_t83);
                                                                                                                                								_a32 = 4;
                                                                                                                                								E00406AF2(L"WriteRegDWORD: \"%s\\%s\" \"%s\"=\"0x%08x\"", _t82);
                                                                                                                                								_t49 = _a68;
                                                                                                                                								_t89 = _t89 + 0x18;
                                                                                                                                							}
                                                                                                                                							__eflags = _t49 - 3;
                                                                                                                                							if(_t49 == 3) {
                                                                                                                                								_t53 = E0040342F( *((intOrPtr*)(_t89 + 0x40)), _t68, 0x414108, 0xc000);
                                                                                                                                								_push(_t53);
                                                                                                                                								_push(0x414108);
                                                                                                                                								_a16 = _t53;
                                                                                                                                								_push(0x80);
                                                                                                                                								_push(_t89 + 0x9c);
                                                                                                                                								E004067FF();
                                                                                                                                								_t77 =  *((intOrPtr*)(_t89 + 0x50));
                                                                                                                                								_push(_t89 + 0xa4);
                                                                                                                                								_push( *((intOrPtr*)(_t89 + 0x30)));
                                                                                                                                								__eflags = _t77 - 7;
                                                                                                                                								_t74 =  !=  ? L"WriteRegBin" : L"WriteRegMultiStr";
                                                                                                                                								_push(_t83);
                                                                                                                                								__eflags = _t77;
                                                                                                                                								_push(_t82);
                                                                                                                                								_t59 =  !=  ?  !=  ? L"WriteRegBin" : L"WriteRegMultiStr" : L"WriteRegNone";
                                                                                                                                								E00406AF2(L"%s: \"%s\\%s\" \"%s\"=\"%s\"",  !=  ?  !=  ? L"WriteRegBin" : L"WriteRegMultiStr" : L"WriteRegNone");
                                                                                                                                								_t89 = _t89 + 0x28;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							_push(L"WriteRegStr: \"%s\\%s\" \"%s\"=\"%s\"");
                                                                                                                                							E00406AF2();
                                                                                                                                							_t89 = _t89 + 0x14;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					_t88 =  *(_t89 + 0x28);
                                                                                                                                					_t50 = RegSetValueExW(_a20, _t88, _t68, _a64, 0x414108, _a32); // executed
                                                                                                                                					if(_t50 != 0) {
                                                                                                                                						_push(_t88);
                                                                                                                                						_push(_t83);
                                                                                                                                						E00406AF2(L"WriteReg: error writing into \"%s\\%s\" \"%s\"", _t82);
                                                                                                                                						_t89 = _t89 + 0x10;
                                                                                                                                					} else {
                                                                                                                                						_a16 = _t68;
                                                                                                                                					}
                                                                                                                                					_push(_a20);
                                                                                                                                					RegCloseKey();
                                                                                                                                				}
                                                                                                                                				_t47 = _a16;
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t47;
                                                                                                                                				return 0;
                                                                                                                                			}
























                                                                                                                                0x0040296d
                                                                                                                                0x00402972
                                                                                                                                0x00402973
                                                                                                                                0x00402977
                                                                                                                                0x0040297c
                                                                                                                                0x00402983
                                                                                                                                0x0040298b
                                                                                                                                0x00402990
                                                                                                                                0x00402994
                                                                                                                                0x00402994
                                                                                                                                0x00402997
                                                                                                                                0x0040299a
                                                                                                                                0x004029a7
                                                                                                                                0x004029ac
                                                                                                                                0x004029ad
                                                                                                                                0x004029ae
                                                                                                                                0x004029b9
                                                                                                                                0x004029be
                                                                                                                                0x004029bf
                                                                                                                                0x004029c4
                                                                                                                                0x004029cf
                                                                                                                                0x004029d0
                                                                                                                                0x004029d4
                                                                                                                                0x004029e1
                                                                                                                                0x004029e9
                                                                                                                                0x004029ea
                                                                                                                                0x004029ec
                                                                                                                                0x004029ed
                                                                                                                                0x004029f6
                                                                                                                                0x004029fb
                                                                                                                                0x004029fb
                                                                                                                                0x0040293d
                                                                                                                                0x0040293d
                                                                                                                                0x00402942
                                                                                                                                0x00402947
                                                                                                                                0x00402947
                                                                                                                                0x0040293b
                                                                                                                                0x00402a07
                                                                                                                                0x00402a11
                                                                                                                                0x00402a19
                                                                                                                                0x00402a21
                                                                                                                                0x00402a22
                                                                                                                                0x00402a29
                                                                                                                                0x00402a2e
                                                                                                                                0x00402a1b
                                                                                                                                0x00402a1b
                                                                                                                                0x00402a1b
                                                                                                                                0x00402a31
                                                                                                                                0x00402a35
                                                                                                                                0x00402a35
                                                                                                                                0x0040316f
                                                                                                                                0x00403173
                                                                                                                                0x00403185

                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp,00000023,00000000,?,00000000,00100022,?,00000011,00000002), ref: 0040291C
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp,?,00000000,?,00000000,00100022,?,00000011,00000002), ref: 00402A11
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402A35
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrlen$CloseValuewvsprintf
                                                                                                                                • String ID: %s: "%s\%s" "%s"="%s"$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp$WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegMultiStr$WriteRegNone$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                • API String ID: 1989453342-1493147128
                                                                                                                                • Opcode ID: e73e1e2d537e84fdce21ec93ee2a4a53f40b129b77a917a20e96271d60bb024c
                                                                                                                                • Instruction ID: e55c95b53bb5fdb44d4166181fd4f9eac3495b5500310e05512e1456d437a84b
                                                                                                                                • Opcode Fuzzy Hash: e73e1e2d537e84fdce21ec93ee2a4a53f40b129b77a917a20e96271d60bb024c
                                                                                                                                • Instruction Fuzzy Hash: B641B170604300ABD610EF65CC45E1BBBE8EFC5748F00483EF585B21D2E6B9DD109B5A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 74%
                                                                                                                                			E00406119(WCHAR* _a4, signed int _a8) {
                                                                                                                                				signed int _v4;
                                                                                                                                				signed int _v8;
                                                                                                                                				signed int _v12;
                                                                                                                                				signed int _v16;
                                                                                                                                				signed char* _v20;
                                                                                                                                				struct _ITEMIDLIST* _v24;
                                                                                                                                				intOrPtr _v32;
                                                                                                                                				signed int _t33;
                                                                                                                                				WCHAR* _t35;
                                                                                                                                				void* _t39;
                                                                                                                                				short _t40;
                                                                                                                                				void* _t47;
                                                                                                                                				int _t50;
                                                                                                                                				intOrPtr _t59;
                                                                                                                                				void* _t62;
                                                                                                                                				signed int _t65;
                                                                                                                                				long _t67;
                                                                                                                                				signed int _t69;
                                                                                                                                				signed char* _t83;
                                                                                                                                				void* _t85;
                                                                                                                                				signed int _t86;
                                                                                                                                				signed int _t88;
                                                                                                                                				signed int _t89;
                                                                                                                                				WCHAR* _t93;
                                                                                                                                				short _t94;
                                                                                                                                				WCHAR* _t97;
                                                                                                                                				void* _t102;
                                                                                                                                				signed int _t106;
                                                                                                                                				signed int _t108;
                                                                                                                                				WCHAR* _t111;
                                                                                                                                				void* _t113;
                                                                                                                                				signed int _t114;
                                                                                                                                				signed int _t115;
                                                                                                                                				struct _ITEMIDLIST** _t116;
                                                                                                                                
                                                                                                                                				_t116 =  &_v24;
                                                                                                                                				_t33 = _a8;
                                                                                                                                				if(_t33 < 0) {
                                                                                                                                					_t33 =  *( *0x476200 - 4 + _t33 * 4);
                                                                                                                                				}
                                                                                                                                				_t93 = 0x46e1c0;
                                                                                                                                				_t111 = _a4;
                                                                                                                                				_t83 =  *0x47e258 + _t33 * 2;
                                                                                                                                				_t97 = 0x46e1c0;
                                                                                                                                				if(_t111 >= 0x46e1c0 && _t111 - 0x46e1c0 >> 1 < 0x4000) {
                                                                                                                                					_t97 = _t111;
                                                                                                                                					_t111 = 0;
                                                                                                                                					_a4 = 0;
                                                                                                                                				}
                                                                                                                                				_t88 =  *_t83 & 0x0000ffff;
                                                                                                                                				if(_t88 == 0) {
                                                                                                                                					L53:
                                                                                                                                					 *_t97 = 0;
                                                                                                                                					if(_t111 == 0) {
                                                                                                                                						_t35 = _t93;
                                                                                                                                					} else {
                                                                                                                                						_t35 = E0040708C(_t111, _t93);
                                                                                                                                					}
                                                                                                                                					return _t35;
                                                                                                                                				} else {
                                                                                                                                					_t113 = 2;
                                                                                                                                					_t102 = 4;
                                                                                                                                					while((_t97 - _t93 & 0xfffffffe) < 0x4000) {
                                                                                                                                						_t94 = _t88 & 0x0000ffff;
                                                                                                                                						_t83 =  &(_t83[_t113]);
                                                                                                                                						if(_t94 >= _t102) {
                                                                                                                                							if(__eflags != 0) {
                                                                                                                                								 *_t97 = _t94;
                                                                                                                                							} else {
                                                                                                                                								_t40 =  *_t83;
                                                                                                                                								_t83 =  &(_t83[_t113]);
                                                                                                                                								 *_t97 = _t40;
                                                                                                                                							}
                                                                                                                                							_t39 = _t113;
                                                                                                                                							L51:
                                                                                                                                							_t88 =  *_t83 & 0x0000ffff;
                                                                                                                                							_t97 = _t97 + _t39;
                                                                                                                                							_t93 = 0x46e1c0;
                                                                                                                                							if(_t88 != 0) {
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						_t89 =  *_t83 & 0x000000ff;
                                                                                                                                						_t114 = _t83[1] & 0x000000ff;
                                                                                                                                						_t106 = (_t83[1] & 0x0000007f) << 0x00000007 |  *_t83 & 0x0000007f;
                                                                                                                                						_v12 = _t89;
                                                                                                                                						_v4 = _t114;
                                                                                                                                						_v16 = _t89 | 0x00008000;
                                                                                                                                						_v8 = _t114 | 0x00008000;
                                                                                                                                						_t47 = 2;
                                                                                                                                						_t83 =  &(_t83[_t47]);
                                                                                                                                						_v20 = _t83;
                                                                                                                                						if(_t94 != _t47) {
                                                                                                                                							__eflags = _t94 - 3;
                                                                                                                                							if(_t94 != 3) {
                                                                                                                                								__eflags = _t94 - 1;
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									E00406119(_t97,  !_t106);
                                                                                                                                								}
                                                                                                                                							} else {
                                                                                                                                								__eflags = _t106 - 0x1d;
                                                                                                                                								if(_t106 != 0x1d) {
                                                                                                                                									__eflags = (_t106 << 0xe) + 0x47f000;
                                                                                                                                									E0040708C(_t97, (_t106 << 0xe) + 0x47f000);
                                                                                                                                								} else {
                                                                                                                                									E00406A5B(_t97,  *0x47621c);
                                                                                                                                								}
                                                                                                                                								__eflags = _t106 - 0x15 - 7;
                                                                                                                                								if(__eflags < 0) {
                                                                                                                                									E00407252(_t97);
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							L46:
                                                                                                                                							_t50 = lstrlenW(_t97);
                                                                                                                                							_t113 = 2;
                                                                                                                                							_t39 = _t50 + _t50;
                                                                                                                                							_t102 = 4;
                                                                                                                                							goto L51;
                                                                                                                                						}
                                                                                                                                						_t59 =  *0x476210;
                                                                                                                                						if(_t59 >= 0 || _t59 == 0x5a04 || _t114 == 0x23 || _t114 == 0x2e) {
                                                                                                                                							_t108 = 0;
                                                                                                                                							__eflags = 0;
                                                                                                                                							_a8 = 1;
                                                                                                                                						} else {
                                                                                                                                							_t108 = 0;
                                                                                                                                							_a8 = 0;
                                                                                                                                						}
                                                                                                                                						_t85 = 2;
                                                                                                                                						_t62 = 4;
                                                                                                                                						_t86 =  !=  ? _t62 : _t85;
                                                                                                                                						_t130 = _t89;
                                                                                                                                						if(_t89 >= 0) {
                                                                                                                                							__eflags = _t89 - 0x25;
                                                                                                                                							if(_t89 != 0x25) {
                                                                                                                                								__eflags = _t89 - 0x24;
                                                                                                                                								if(_t89 == 0x24) {
                                                                                                                                									GetWindowsDirectoryW(_t97, 0x2000);
                                                                                                                                									_t86 = _t108;
                                                                                                                                								}
                                                                                                                                								__eflags = _t86;
                                                                                                                                								if(_t86 == 0) {
                                                                                                                                									goto L34;
                                                                                                                                								} else {
                                                                                                                                									_t115 = _a8;
                                                                                                                                									do {
                                                                                                                                										_t65 =  *0x476214;
                                                                                                                                										_t86 = _t86 - 1;
                                                                                                                                										__eflags = _t65;
                                                                                                                                										if(_t65 == 0) {
                                                                                                                                											L28:
                                                                                                                                											_t67 = SHGetSpecialFolderLocation( *0x47621c,  *(_t116 + 0x1c + _t86 * 4),  &_v24);
                                                                                                                                											__eflags = _t67;
                                                                                                                                											if(_t67 != 0) {
                                                                                                                                												goto L30;
                                                                                                                                											}
                                                                                                                                											__imp__SHGetPathFromIDListW(_v24, _t97);
                                                                                                                                											__imp__CoTaskMemFree(_v32);
                                                                                                                                											__eflags = _t67;
                                                                                                                                											if(_t67 != 0) {
                                                                                                                                												_t108 = 0;
                                                                                                                                												__eflags = 0;
                                                                                                                                												L33:
                                                                                                                                												_t114 = _v4;
                                                                                                                                												goto L34;
                                                                                                                                											}
                                                                                                                                											goto L30;
                                                                                                                                										}
                                                                                                                                										__eflags = _t115;
                                                                                                                                										if(_t115 == 0) {
                                                                                                                                											goto L28;
                                                                                                                                										}
                                                                                                                                										_t69 =  *_t65( *0x47621c,  *((intOrPtr*)(_t116 + 0x24 + _t86 * 4)), _t108, _t108, _t97); // executed
                                                                                                                                										__eflags = _t69;
                                                                                                                                										if(_t69 == 0) {
                                                                                                                                											goto L33;
                                                                                                                                										}
                                                                                                                                										goto L28;
                                                                                                                                										L30:
                                                                                                                                										 *_t97 = 0;
                                                                                                                                										_push(0);
                                                                                                                                										_pop(_t108);
                                                                                                                                										__eflags = _t86;
                                                                                                                                									} while (_t86 != 0);
                                                                                                                                									goto L33;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							GetSystemDirectoryW(_t97, 0x2000);
                                                                                                                                							goto L34;
                                                                                                                                						} else {
                                                                                                                                							E00406EE1(_t89 & 0x0000003f, _t130, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion", (_t89 & 0x0000003f) * 2 +  *0x47e258, _t97, _t89 & 0x00000040);
                                                                                                                                							_t114 = _v24;
                                                                                                                                							if( *_t97 != _t108) {
                                                                                                                                								L35:
                                                                                                                                								if(_t114 == 0x1a) {
                                                                                                                                									lstrcatW(_t97, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                                								}
                                                                                                                                								L37:
                                                                                                                                								E00407252(_t97);
                                                                                                                                								_t83 = _v24;
                                                                                                                                								goto L46;
                                                                                                                                							}
                                                                                                                                							E00406119(_t97, _t114);
                                                                                                                                							L34:
                                                                                                                                							if( *_t97 == _t108) {
                                                                                                                                								goto L37;
                                                                                                                                							}
                                                                                                                                							goto L35;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					_t111 = _a4;
                                                                                                                                					goto L53;
                                                                                                                                				}
                                                                                                                                			}





































                                                                                                                                0x00406223
                                                                                                                                0x00406265
                                                                                                                                0x00406268
                                                                                                                                0x0040627b
                                                                                                                                0x0040627e
                                                                                                                                0x00406286
                                                                                                                                0x0040628c
                                                                                                                                0x0040628c
                                                                                                                                0x0040628e
                                                                                                                                0x00406290
                                                                                                                                0x00000000
                                                                                                                                0x00406292
                                                                                                                                0x00406292
                                                                                                                                0x00406296
                                                                                                                                0x00406296
                                                                                                                                0x0040629b
                                                                                                                                0x0040629c
                                                                                                                                0x0040629e
                                                                                                                                0x004062b7
                                                                                                                                0x004062c6
                                                                                                                                0x004062cb
                                                                                                                                0x004062cd
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004062d4
                                                                                                                                0x004062e0
                                                                                                                                0x004062e6
                                                                                                                                0x004062e8
                                                                                                                                0x004062f7
                                                                                                                                0x004062f7
                                                                                                                                0x004062f9
                                                                                                                                0x004062f9
                                                                                                                                0x00000000
                                                                                                                                0x004062f9
                                                                                                                                0x00000000
                                                                                                                                0x004062e8
                                                                                                                                0x004062a0
                                                                                                                                0x004062a2
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004062b1
                                                                                                                                0x004062b3
                                                                                                                                0x004062b5
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004062ea
                                                                                                                                0x004062ec
                                                                                                                                0x004062ef
                                                                                                                                0x004062f0
                                                                                                                                0x004062f1
                                                                                                                                0x004062f1
                                                                                                                                0x00000000
                                                                                                                                0x004062f5
                                                                                                                                0x00406290
                                                                                                                                0x00406270
                                                                                                                                0x00000000
                                                                                                                                0x00406225
                                                                                                                                0x00406247
                                                                                                                                0x0040624c
                                                                                                                                0x00406253
                                                                                                                                0x00406302
                                                                                                                                0x00406305
                                                                                                                                0x0040630d
                                                                                                                                0x0040630d
                                                                                                                                0x00406313
                                                                                                                                0x00406314
                                                                                                                                0x00406319
                                                                                                                                0x00000000
                                                                                                                                0x00406319
                                                                                                                                0x0040625b
                                                                                                                                0x004062fd
                                                                                                                                0x00406300
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00406300
                                                                                                                                0x00406223
                                                                                                                                0x0040639e
                                                                                                                                0x00000000
                                                                                                                                0x0040639e

                                                                                                                                APIs
                                                                                                                                • GetSystemDirectoryW.KERNEL32(Delete on reboot: ,00002000), ref: 00406270
                                                                                                                                  • Part of subcall function 00406A5B: wsprintfW.USER32 ref: 00406A68
                                                                                                                                • GetWindowsDirectoryW.KERNEL32(Delete on reboot: ,00002000,?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,?,00000000,?,?), ref: 00406286
                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(?,?,?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,?,00000000,?,?), ref: 004062C6
                                                                                                                                • SHGetPathFromIDListW.SHELL32(?,Delete on reboot: ), ref: 004062D4
                                                                                                                                • CoTaskMemFree.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,004035AA,00000000,?), ref: 004062E0
                                                                                                                                • lstrcatW.KERNEL32(Delete on reboot: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040630D
                                                                                                                                • lstrlenW.KERNEL32(Delete on reboot: ,?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,?,00000000,?,?), ref: 0040636A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlenwsprintf
                                                                                                                                • String ID: Delete on reboot: $Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                • API String ID: 534969901-3246698589
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Control-flow graph of function 004036D7; legend: Executed / Not Executed]
                                                                                                                                C-Code - Quality: 98%
                                                                                                                                			E004036D7(void* __eflags, signed int _a4) {
                                                                                                                                				char _v0;
                                                                                                                                				intOrPtr _v4;
                                                                                                                                				long _v8;
                                                                                                                                				intOrPtr _v12;
                                                                                                                                				intOrPtr _v16;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				intOrPtr _v24;
                                                                                                                                				signed int _v28;
                                                                                                                                				long _v32;
                                                                                                                                				struct HINSTANCE__* _v36;
                                                                                                                                				signed int _v40;
                                                                                                                                				intOrPtr _v44;
                                                                                                                                				void* _t45;
                                                                                                                                				intOrPtr* _t49;
                                                                                                                                				long _t50;
                                                                                                                                				void* _t56;
                                                                                                                                				intOrPtr _t64;
                                                                                                                                				struct HINSTANCE__* _t70;
                                                                                                                                				signed int _t72;
                                                                                                                                				void* _t73;
                                                                                                                                				void* _t76;
                                                                                                                                				intOrPtr _t78;
                                                                                                                                				long _t80;
                                                                                                                                				long _t83;
                                                                                                                                				long _t86;
                                                                                                                                				void* _t87;
                                                                                                                                				void* _t88;
                                                                                                                                
                                                                                                                                				_t80 = 0;
                                                                                                                                				_t70 = 0;
                                                                                                                                				_v32 = 0;
                                                                                                                                				_v36 = 0;
                                                                                                                                				 *0x47e220 = GetTickCount() + 0x3e8;
                                                                                                                                				GetModuleFileNameW(0, 0x4eb000, 0x2000);
                                                                                                                                				_t88 = E00406E83(0x4eb000, 0x80000000, 3);
                                                                                                                                				 *0x40c010 = _t88;
                                                                                                                                				if(_t88 == 0xffffffff) {
                                                                                                                                					return L"Error launching installer";
                                                                                                                                				}
                                                                                                                                				E0040708C(0x4db000, 0x4eb000);
                                                                                                                                				E0040708C(0x4ef000, E00407225(0x4db000));
                                                                                                                                				_t86 = GetFileSize(_t88, 0);
                                                                                                                                				 *0x420168 = _t86;
                                                                                                                                				if(_t86 <= 0) {
                                                                                                                                					L21:
                                                                                                                                					E00403673(1);
                                                                                                                                					_pop(_t73);
                                                                                                                                					if( *0x47e228 == 0) {
                                                                                                                                						L33:
                                                                                                                                						return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                                					}
                                                                                                                                					if(_t70 == 0) {
                                                                                                                                						L25:
                                                                                                                                						_t45 = GlobalAlloc(0x40, _v8); // executed
                                                                                                                                						_t87 = _t45;
                                                                                                                                						E00403418( *0x47e228 + 0x1c);
                                                                                                                                						if(E0040342F(0xffffffff, 0, _t87, _v12) != _v28) {
                                                                                                                                							goto L33;
                                                                                                                                						}
                                                                                                                                						 *0x47e230 = _t87;
                                                                                                                                						 *0x47e22c =  *_t87;
                                                                                                                                						if((_v28 & 0x00000001) != 0) {
                                                                                                                                							 *0x47e224 =  *0x47e224 + 1;
                                                                                                                                						}
                                                                                                                                						_t76 = 8;
                                                                                                                                						_t31 = _t87 + 0x44; // 0x44
                                                                                                                                						_t49 = _t31;
                                                                                                                                						do {
                                                                                                                                							_t49 = _t49 - 8;
                                                                                                                                							 *_t49 =  *_t49 + _t87;
                                                                                                                                							_t76 = _t76 - 1;
                                                                                                                                						} while (_t76 != 0);
                                                                                                                                						_t50 = SetFilePointer(_t88, 0, 0, 1); // executed
                                                                                                                                						 *(_t87 + 0x3c) = _t50;
                                                                                                                                						_t34 = _t87 + 4; // 0x4
                                                                                                                                						E00406BBE(0x47e240, _t34, 0x40);
                                                                                                                                						return 0;
                                                                                                                                					}
                                                                                                                                					E00403418( *0x42016c);
                                                                                                                                					_t56 = E00406EB0(_t73,  *0x40c010,  &_v0, 4); // executed
                                                                                                                                					if(_t56 == 0 || _t80 != _a4) {
                                                                                                                                						goto L33;
                                                                                                                                					} else {
                                                                                                                                						goto L25;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				_t72 = _a4;
                                                                                                                                				while(1) {
                                                                                                                                					_t82 =  !=  ? 0x8000 : 0x200;
                                                                                                                                					_t83 =  <  ? _t86 :  !=  ? 0x8000 : 0x200;
                                                                                                                                					if(E00403402(0x429d38, 0x200) == 0) {
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					if( *0x47e228 != 0) {
                                                                                                                                						if((_t72 & 0x00000002) == 0) {
                                                                                                                                							E00403673(0);
                                                                                                                                						}
                                                                                                                                						L17:
                                                                                                                                						if(_t86 <  *0x420168) {
                                                                                                                                							_v44 = E00407347(_v32, 0x429d38, _t83);
                                                                                                                                						}
                                                                                                                                						 *0x42016c =  *0x42016c + _t83;
                                                                                                                                						_t86 = _t86 - _t83;
                                                                                                                                						if(_t86 > 0) {
                                                                                                                                							continue;
                                                                                                                                						} else {
                                                                                                                                							L20:
                                                                                                                                							_t80 = _v32;
                                                                                                                                							_t70 = _v36;
                                                                                                                                							goto L21;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					E00406BBE( &_v28, 0x429d38, 0x1c);
                                                                                                                                					if((_v40 & 0xfffffff0) == 0 && _v24 == 0xdeadbeef && _v12 == 0x74736e49 && _v16 == 0x74666f73 && _v20 == 0x6c6c754e) {
                                                                                                                                						_t64 =  *0x42016c; // 0x3997d1a
                                                                                                                                						_t72 = _t72 | _v28;
                                                                                                                                						_t78 = _v4;
                                                                                                                                						 *0x47e228 = _t64;
                                                                                                                                						 *0x47e300 =  *0x47e300 | _t72 & 0x00000002;
                                                                                                                                						if(_t78 > _t86) {
                                                                                                                                							goto L33;
                                                                                                                                						}
                                                                                                                                						if((_t72 & 0x0000000c) == 4) {
                                                                                                                                							goto L20;
                                                                                                                                						}
                                                                                                                                						_v36 = _v36 + 1;
                                                                                                                                						_t86 = _t78 - 4;
                                                                                                                                						if(0x200 > _t86) {
                                                                                                                                							_t83 = _t86;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L17;
                                                                                                                                				}
                                                                                                                                				E00403673(1);
                                                                                                                                				goto L33;
                                                                                                                                 			}

                                                                                                                                APIs
                                                                                                                                • GetTickCount.KERNEL32 ref: 004036EA
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004EB000,00002000,?,?,?,00403C38,00000000), ref: 00403706
                                                                                                                                  • Part of subcall function 00406E83: GetFileAttributesW.KERNEL32(00000003,00403719,004EB000,80000000,00000003,?,?,?,00403C38,00000000), ref: 00406E87
                                                                                                                                  • Part of subcall function 00406E83: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000000,00000000,?,?,?,00403C38,00000000), ref: 00406EA7
                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004EF000,00000000,004DB000,004DB000,004EB000,004EB000,80000000,00000003,?,?,?,00403C38,00000000), ref: 00403750
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,?,?,?,00403C38,00000000), ref: 004038AC
                                                                                                                                Strings
                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004036DD
                                                                                                                                • Null, xrefs: 004037D8
                                                                                                                                • soft, xrefs: 004037CE
                                                                                                                                • Error launching installer, xrefs: 00403726
                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403934
                                                                                                                                • Inst, xrefs: 004037C4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                 • Associated: 00000010.00000002.454039772.0000000000400000.00000002.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454059022.0000000000409000.00000002.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454068548.000000000040C000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454075995.0000000000410000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454084525.0000000000414000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454092685.000000000041C000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454145060.0000000000459000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454156367.000000000046B000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454175861.0000000000487000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454190371.00000000004FF000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454206008.0000000000503000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454241414.0000000000563000.00000004.00020000.sdmp
                                                                                                                                 • Associated: 00000010.00000002.454282937.000000000062F000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Figure: control-flow graph of the function at 0040342F; legend: Executed, Not Executed]
                                                                                                                                C-Code - Quality: 94%
                                                                                                                                			E0040342F(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                				char _v124;
                                                                                                                                				short _v132;
                                                                                                                                				intOrPtr _v136;
                                                                                                                                				signed int _v140;
                                                                                                                                				int _v144;
                                                                                                                                				intOrPtr _v148;
                                                                                                                                				long _v152;
                                                                                                                                				signed int _v156;
                                                                                                                                				signed int _v160;
                                                                                                                                				void* _t39;
                                                                                                                                				signed int _t40;
                                                                                                                                				signed int _t42;
                                                                                                                                				void* _t44;
                                                                                                                                				long _t46;
                                                                                                                                				intOrPtr _t49;
                                                                                                                                				intOrPtr _t50;
                                                                                                                                				long _t52;
                                                                                                                                				long _t53;
                                                                                                                                				void* _t54;
                                                                                                                                				void* _t64;
                                                                                                                                				intOrPtr _t69;
                                                                                                                                				signed int _t72;
                                                                                                                                				intOrPtr _t73;
                                                                                                                                				void* _t75;
                                                                                                                                				signed int _t76;
                                                                                                                                				intOrPtr _t82;
                                                                                                                                				int _t83;
                                                                                                                                				signed int* _t84;
                                                                                                                                
                                                                                                                                				_t84 =  &_v156;
                                                                                                                                				_t70 = _a4;
                                                                                                                                				_t73 = _a12;
                                                                                                                                				_t69 =  !=  ? _a16 : 0x8000;
                                                                                                                                				_t76 = 0;
                                                                                                                                				_t37 =  !=  ? _t73 : 0x435d38;
                                                                                                                                				_v144 =  !=  ? _t73 : 0x435d38;
                                                                                                                                				if(_a4 >= 0) {
                                                                                                                                					E00403418( *0x47e278 + _t70);
                                                                                                                                				}
                                                                                                                                				_t39 = E00406EB0(_t70,  *0x40c010,  &_v156, 4); // executed
                                                                                                                                				if(_t39 != 0) {
                                                                                                                                					_t40 = _v156;
                                                                                                                                					if(_t40 >= 0) {
                                                                                                                                						if(_t73 != 0) {
                                                                                                                                							_t76 =  <  ? _t40 : _a16;
                                                                                                                                							if(E00403402(_t73, _t76) != 0) {
                                                                                                                                								L19:
                                                                                                                                								_t42 = _t76;
                                                                                                                                								L20:
                                                                                                                                								return _t42;
                                                                                                                                							}
                                                                                                                                							L34:
                                                                                                                                							_push(0xfffffffd);
                                                                                                                                							L35:
                                                                                                                                							_pop(_t42);
                                                                                                                                							goto L20;
                                                                                                                                						}
                                                                                                                                						if(_t40 <= 0) {
                                                                                                                                							goto L19;
                                                                                                                                						}
                                                                                                                                						while(1) {
                                                                                                                                							_t75 =  <  ? _t40 : _t69;
                                                                                                                                							if(E00403402(0x431d38, _t75) == 0) {
                                                                                                                                								goto L34;
                                                                                                                                							}
                                                                                                                                							_t44 = E00406F77(_t70, _a8, 0x431d38, _t75); // executed
                                                                                                                                							if(_t44 == 0) {
                                                                                                                                								L24:
                                                                                                                                								_push(0xfffffffe);
                                                                                                                                								goto L35;
                                                                                                                                							}
                                                                                                                                							_t76 = _t76 + _t75;
                                                                                                                                							_t40 = _v156 - _t75;
                                                                                                                                							_v156 = _t40;
                                                                                                                                							if(_t40 > 0) {
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							goto L19;
                                                                                                                                						}
                                                                                                                                						goto L34;
                                                                                                                                					}
                                                                                                                                					_t46 = GetTickCount();
                                                                                                                                					 *0x4206a4 =  *0x4206a4 & _t76;
                                                                                                                                					 *0x4206a0 =  *0x4206a0 & _t76;
                                                                                                                                					_t72 = _v156 & 0x7fffffff;
                                                                                                                                					_v152 = _t46;
                                                                                                                                					 *0x420188 = 8;
                                                                                                                                					 *0x429d30 = 0x421d28;
                                                                                                                                					 *0x429d2c = 0x421d28;
                                                                                                                                					 *0x429d28 = 0x429d28;
                                                                                                                                					_v156 = _t72;
                                                                                                                                					_v140 = _t72;
                                                                                                                                					if(_t72 <= 0) {
                                                                                                                                						goto L19;
                                                                                                                                					} else {
                                                                                                                                						goto L6;
                                                                                                                                					}
                                                                                                                                					while(1) {
                                                                                                                                						L6:
                                                                                                                                						_t82 =  <  ? _t72 : 0x4000;
                                                                                                                                						if(E00403402(0x431d38, 0x4000) == 0) {
                                                                                                                                							goto L34;
                                                                                                                                						}
                                                                                                                                						_v156 = _v156 - 0x4000;
                                                                                                                                						 *0x42017c = _t82;
                                                                                                                                						_t83 = _v144;
                                                                                                                                						 *0x420178 = 0x431d38;
                                                                                                                                						while(1) {
                                                                                                                                							_push("p!C");
                                                                                                                                							 *0x420180 = _t83;
                                                                                                                                							 *0x420184 = _t69;
                                                                                                                                							_t49 = E0040778B();
                                                                                                                                							_v136 = _t49;
                                                                                                                                							if(_t49 < 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							_t50 =  *0x420180; // 0x436938
                                                                                                                                							_v152 = _t50 - _t83;
                                                                                                                                							_t52 = GetTickCount();
                                                                                                                                							_t72 = _v160;
                                                                                                                                							_v140 = _t52;
                                                                                                                                							if(( *0x47e314 & 0x00000001) != 0 && (_t52 - _v156 > 0xc8 || _t72 == 0)) {
                                                                                                                                								wsprintfW( &_v132, L"... %d%%", MulDiv(_v144 - _t72, 0x64, _v144));
                                                                                                                                								_t84 =  &(_t84[3]);
                                                                                                                                								E00405F97(0,  &_v124);
                                                                                                                                								_t72 = _v160;
                                                                                                                                								_v156 = _v140;
                                                                                                                                							}
                                                                                                                                							_t53 = _v152;
                                                                                                                                							if(_t53 == 0) {
                                                                                                                                								if(_t72 > 0) {
                                                                                                                                									goto L6;
                                                                                                                                								}
                                                                                                                                								goto L19;
                                                                                                                                							} else {
                                                                                                                                								if(_t73 != 0) {
                                                                                                                                									_t83 =  *0x420180; // 0x436938
                                                                                                                                									_t69 = _t69 - _t53;
                                                                                                                                									_v148 = _t83;
                                                                                                                                									L18:
                                                                                                                                									_t76 = _t76 + _t53;
                                                                                                                                									if(_v136 != 1) {
                                                                                                                                										continue;
                                                                                                                                									}
                                                                                                                                									goto L19;
                                                                                                                                								}
                                                                                                                                								_t54 = E00406F77(_t72, _a4, _t83, _t53); // executed
                                                                                                                                								if(_t54 == 0) {
                                                                                                                                									goto L24;
                                                                                                                                								}
                                                                                                                                								_t53 = _v152;
                                                                                                                                								goto L18;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_push(0xfffffffc);
                                                                                                                                						goto L35;
                                                                                                                                					}
                                                                                                                                					goto L34;
                                                                                                                                				} else {
                                                                                                                                					_t64 = 0xfffffffd;
                                                                                                                                					return _t64;
                                                                                                                                				}
                                                                                                                                			}
































                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00403418: SetFilePointer.KERNEL32(00000000,00000000,00000000,004038C3,?,?,?,?,00403C38,00000000), ref: 00403426
                                                                                                                                • GetTickCount.KERNEL32 ref: 004034A1
                                                                                                                                • GetTickCount.KERNEL32 ref: 00403554
                                                                                                                                • MulDiv.KERNEL32(?,00000064,?), ref: 00403584
                                                                                                                                • wsprintfW.USER32 ref: 00403595
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CountTick$FilePointerwsprintf
                                                                                                                                • String ID: ... %d%%$8]C$8iC$p!C
                                                                                                                                • API String ID: 999035486-2060109342
                                                                                                                                • Opcode ID: 79ccf5bcc5a0c7aa5de6f5d8d391d0fef02fb4dac9c23ea87cbc41a5090bdc3c
                                                                                                                                • Instruction ID: 6e71b5ea9f736f55b551b36433cbd79618bc4aaa4b106e8b626e361a91a94aa1
                                                                                                                                • Opcode Fuzzy Hash: 79ccf5bcc5a0c7aa5de6f5d8d391d0fef02fb4dac9c23ea87cbc41a5090bdc3c
                                                                                                                                • Instruction Fuzzy Hash: 2C518570608301ABE720DF25DD45A2B7FE8BB84356F50093EF855E62E1D739DA048B5E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 1225 4023d0-4023dd 1226 4023e3-4023fa call 403312 * 2 1225->1226 1227 4024cf-4024e5 call 405f97 call 406af2 1225->1227 1236 402409-402417 LoadLibraryExW 1226->1236 1237 4023fc-402407 GetModuleHandleW 1226->1237 1238 40316f 1227->1238 1240 40241d-40242f call 40650c 1236->1240 1241 4024b8-4024c5 call 405f97 1236->1241 1237->1236 1237->1240 1239 403173-403185 1238->1239 1248 402431-402439 1240->1248 1249 402474-40248c call 405f97 call 406af2 1240->1249 1241->1227 1250 402454-40246c 1248->1250 1251 40243b-40244a call 4033f1 1248->1251 1258 40248f 1249->1258 1256 40246f-402472 1250->1256 1251->1258 1263 40244c-402452 1251->1263 1256->1258 1260 402493-402498 1258->1260 1260->1239 1262 40249e-4024a6 call 403ed1 1260->1262 1262->1238 1266 4024ac-4024b3 FreeLibrary 1262->1266 1263->1260 1266->1238
                                                                                                                                C-Code - Quality: 62%
                                                                                                                                			E004023D0(void* __ebx, void* _a4, void* _a8, intOrPtr _a12, int _a16, int _a28, void* _a32, intOrPtr _a48, intOrPtr _a52, void* _a56) {
                                                                                                                                				void* _v0;
                                                                                                                                				void* _v4;
                                                                                                                                				void* _v8;
                                                                                                                                				int _t18;
                                                                                                                                
                                                                                                                                				_a16 = 1;
                                                                                                                                				if( *0x47e280 < __ebx) {
                                                                                                                                					E00405F97(0xffffffe7, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                					_push(L"Error registering DLL: Could not initialize OLE");
                                                                                                                                					E00406AF2();
                                                                                                                                					goto L2;
                                                                                                                                				} else {
                                                                                                                                					__ebp = E00403312(__edx, 0xfffffff0);
                                                                                                                                					_a12 = E00403312(__edx, 1);
                                                                                                                                					if(_a48 == __ebx) {
                                                                                                                                						L5:
                                                                                                                                						__eax = LoadLibraryExW(__ebp, __ebx, 8); // executed
                                                                                                                                						__esi = __eax;
                                                                                                                                						if(__esi == 0) {
                                                                                                                                							__eax = E00405F97(0xfffffff6, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                							_push(__ebp);
                                                                                                                                							_push(L"Error registering DLL: Could not load %s");
                                                                                                                                							E00406AF2();
                                                                                                                                							L2:
                                                                                                                                							goto L18;
                                                                                                                                						} else {
                                                                                                                                							goto L6;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						__eax = GetModuleHandleW(__ebp); // executed
                                                                                                                                						__esi = __eax;
                                                                                                                                						if(__esi != 0) {
                                                                                                                                							L6:
                                                                                                                                							__ecx = E0040650C(__esi,  *(__esp + 0x14));
                                                                                                                                							 *((intOrPtr*)(__esp + 0x48)) = __ecx;
                                                                                                                                							if(__ecx == 0) {
                                                                                                                                								__ebx =  *(__esp + 0x14);
                                                                                                                                								__eax = E00405F97(0xfffffff7,  *(__esp + 0x14));
                                                                                                                                								_push(__ebp);
                                                                                                                                								__eax = E00406AF2(L"Error registering DLL: %s not found in %s", __ebx);
                                                                                                                                								goto L12;
                                                                                                                                							} else {
                                                                                                                                								_a16 = __ebx;
                                                                                                                                								if(_a48 == __ebx) {
                                                                                                                                									__eax = _a28;
                                                                                                                                									__eax =  *__ecx(_a28, 0x2000, 0x47f000, 0x40c100, "��G"); // executed
                                                                                                                                									__esp = __esp + 0x14;
                                                                                                                                									goto L12;
                                                                                                                                								} else {
                                                                                                                                									__eax = E004033F1(_a48);
                                                                                                                                									if( *((intOrPtr*)(__esp + 0x48))() == 0) {
                                                                                                                                										L12:
                                                                                                                                										__eax = _a16;
                                                                                                                                									} else {
                                                                                                                                										__eax = __edi;
                                                                                                                                										_a16 = __edi;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							if(_a52 == 0) {
                                                                                                                                								if(E00403ED1(__esi) != 0) {
                                                                                                                                									__eax = FreeLibrary(__esi); // executed
                                                                                                                                								}
                                                                                                                                								L18:
                                                                                                                                								_t18 = _a16;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							goto L5;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t18;
                                                                                                                                				return 0;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 004023FD
                                                                                                                                  • Part of subcall function 00405F97: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FC9
                                                                                                                                  • Part of subcall function 00405F97: lstrlenW.KERNEL32(?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FDB
                                                                                                                                  • Part of subcall function 00405F97: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?), ref: 00405FF6
                                                                                                                                  • Part of subcall function 00405F97: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\), ref: 0040600E
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?), ref: 00406035
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?,0000104D,00000000,?), ref: 00406050
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?,00001013,00000000,00000000), ref: 0040605D
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040240D
                                                                                                                                • FreeLibrary.KERNEL32(00000000,00000000), ref: 004024AD
                                                                                                                                Strings
                                                                                                                                • Error registering DLL: %s not found in %s, xrefs: 00402482
                                                                                                                                • Error registering DLL: Could not load %s, xrefs: 004024C5
                                                                                                                                • Error registering DLL: Could not initialize OLE, xrefs: 004024DB
                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll, xrefs: 004024B8, 004024CF
                                                                                                                                • G, xrefs: 00402458
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll$Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$G
                                                                                                                                • API String ID: 1033533793-1357841890
                                                                                                                                • Opcode ID: efeaa39fdb92168820c3dce88d029bd111d27ca78e4c6d0ce537145f0ace6b32
                                                                                                                                • Instruction ID: 24a415c342406d04f828e843d6e4e1d3d7240bd4cf09a6241dee066e952f7a39
                                                                                                                                • Opcode Fuzzy Hash: efeaa39fdb92168820c3dce88d029bd111d27ca78e4c6d0ce537145f0ace6b32
                                                                                                                                • Instruction Fuzzy Hash: 8E210631608312ABD310BF659C45B2B76D8AF81715F200A3FF891B52D2C7BC8D458A6F
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0040643F(intOrPtr _a4) {
                                                                                                                                				short _v576;
                                                                                                                                				signed int _t12;
                                                                                                                                				struct HINSTANCE__* _t16;
                                                                                                                                				WCHAR* _t18;
                                                                                                                                				void* _t23;
                                                                                                                                
                                                                                                                                				_t12 =  >  ? 0 : GetSystemDirectoryW( &_v576, 0x104);
                                                                                                                                				if(_t12 == 0) {
                                                                                                                                					L2:
                                                                                                                                					_t18 = 0x409aae;
                                                                                                                                				} else {
                                                                                                                                					_t18 = "\\";
                                                                                                                                					if( *((short*)(_t23 + _t12 * 2 - 0x23e)) == 0x5c) {
                                                                                                                                						goto L2;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				wsprintfW( &(( &_v576)[_t12]), L"%s%S.dll", _t18, _a4);
                                                                                                                                				_t16 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                                                                                                				return _t16;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406456
                                                                                                                                • wsprintfW.USER32 ref: 00406490
                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004064A4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                • String ID: %s%S.dll$UXTHEME
                                                                                                                                • API String ID: 2200240437-1106614640
                                                                                                                                • Opcode ID: a5c53ae95a38b67c0547411a30e6b05bbb5f79370a8deab1e481262da7b0293f
                                                                                                                                • Instruction ID: 01f1ec3c6810baca27f6867aca7698c880d8beda233b3d7c55c1a3d669aaac1d
                                                                                                                                • Opcode Fuzzy Hash: a5c53ae95a38b67c0547411a30e6b05bbb5f79370a8deab1e481262da7b0293f
                                                                                                                                • Instruction Fuzzy Hash: 18F0F071A002196BCB20AB94DD0DF96767C9B44310F1080BAAA4AF21C1DB7D9E64CBE8
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 44%
                                                                                                                                			E00401E88(void* _a8, signed int _a40, intOrPtr _a48) {
                                                                                                                                				void* _t7;
                                                                                                                                				void _t10;
                                                                                                                                				intOrPtr _t11;
                                                                                                                                				void* _t12;
                                                                                                                                				void* _t20;
                                                                                                                                				void* _t24;
                                                                                                                                				void* _t25;
                                                                                                                                				void* _t27;
                                                                                                                                				void* _t29;
                                                                                                                                
                                                                                                                                				_t24 =  *0x40c100; // 0x9f5018
                                                                                                                                				if(_a48 == 0) {
                                                                                                                                					if(_t20 == 0) {
                                                                                                                                						_t7 = GlobalAlloc(0x40, 0x4004); // executed
                                                                                                                                						_t25 = _t7;
                                                                                                                                						_t4 = _t25 + 4; // 0x4
                                                                                                                                						E00406119(_t4, _a40);
                                                                                                                                						_t10 =  *0x40c100; // 0x9f5018
                                                                                                                                						 *_t25 = _t10;
                                                                                                                                						 *0x40c100 = _t25;
                                                                                                                                						goto L19;
                                                                                                                                					} else {
                                                                                                                                						if(_t24 != 0) {
                                                                                                                                							_t2 = _t24 + 4; // 0x9f501c
                                                                                                                                							E0040708C(_t27, _t2);
                                                                                                                                							 *0x40c100 =  *_t24;
                                                                                                                                							_push(_t24); // executed
                                                                                                                                							GlobalFree(); // executed
                                                                                                                                							goto L19;
                                                                                                                                						} else {
                                                                                                                                							_push(L"Pop: stack empty");
                                                                                                                                							E00406AF2();
                                                                                                                                							_t11 = 1;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L20;
                                                                                                                                				} else {
                                                                                                                                					while(1) {
                                                                                                                                						__eax = __eax - 1;
                                                                                                                                						if(__esi == 0) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						__esi =  *__esi;
                                                                                                                                						if(__eax != 0) {
                                                                                                                                							continue;
                                                                                                                                						} else {
                                                                                                                                							if(__esi == 0) {
                                                                                                                                								break;
                                                                                                                                							} else {
                                                                                                                                								__esi = __esi + 4;
                                                                                                                                								__ebp = L"Call";
                                                                                                                                								__eax = E0040708C(__ebp, __esi);
                                                                                                                                								__eax =  *0x40c100; // 0x9f5018
                                                                                                                                								__eax = E0040708C(__esi, __eax);
                                                                                                                                								__eax =  *0x40c100; // 0x9f5018
                                                                                                                                								_push(__ebp);
                                                                                                                                								_push(__eax);
                                                                                                                                								__eax = E0040708C();
                                                                                                                                								L19:
                                                                                                                                								_t11 =  *((intOrPtr*)(_t29 + 0x10));
                                                                                                                                								L20:
                                                                                                                                								 *0x47e2e8 =  *0x47e2e8 + _t11;
                                                                                                                                								_t12 = 0;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						goto L22;
                                                                                                                                					}
                                                                                                                                					__eax = E00406AF2(L"Exch: stack < %d elements", __edx);
                                                                                                                                					_push(0x200010);
                                                                                                                                					_push(E00406119(__ebx, 0xffffffe8));
                                                                                                                                					__eax = E0040701A();
                                                                                                                                					_t12 = 0x7fffffff;
                                                                                                                                				}
                                                                                                                                				L22:
                                                                                                                                				return _t12;
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 0040708C: lstrcpynW.KERNEL32(?,?,00002000,00403ABD,00476220,NSIS Error), ref: 00407099
                                                                                                                                • GlobalFree.KERNEL32 ref: 00401F1D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeGloballstrcpyn
                                                                                                                                • String ID: Call$Exch: stack < %d elements$Pop: stack empty
                                                                                                                                • API String ID: 1459762280-62191030
                                                                                                                                • Opcode ID: 5998fd7ef3665104c70531dbe0fd0b7ce3b26cbdbaa650d642a6229adb06c0e2
                                                                                                                                • Instruction ID: 4322eca8b31c51378f70d1285659ea7dad9192018186e8ba76633edf2d5ecbc5
                                                                                                                                • Opcode Fuzzy Hash: 5998fd7ef3665104c70531dbe0fd0b7ce3b26cbdbaa650d642a6229adb06c0e2
                                                                                                                                • Instruction Fuzzy Hash: 3B21C672A04220EBE3109B55DC41A2733A8AB58714B14463FFD46BB2E3D77CAC014AAD
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0040208E(int __ecx, struct HWND__* __edx, void* _a12, signed int _a48, struct tagRECT _a84, signed int _a92, signed int _a96) {
                                                                                                                                				long _t13;
                                                                                                                                				void* _t14;
                                                                                                                                				intOrPtr _t15;
                                                                                                                                				int _t18;
                                                                                                                                				struct HWND__* _t25;
                                                                                                                                				void* _t28;
                                                                                                                                
                                                                                                                                				_t23 = __edx;
                                                                                                                                				_t25 = GetDlgItem(__edx, __ecx);
                                                                                                                                				GetClientRect(_t25,  &_a84);
                                                                                                                                				_t13 = LoadImageW(_t18, E00403312(_t23, _t18), _t18, _a92 * _a48, _a96 * _a48, 0x10); // executed
                                                                                                                                				_t14 = SendMessageW(_t25, 0x172, _t18, _t13); // executed
                                                                                                                                				if(_t14 != 0) {
                                                                                                                                					DeleteObject(_t14);
                                                                                                                                				}
                                                                                                                                				_t15 =  *((intOrPtr*)(_t28 + 0x10));
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t15;
                                                                                                                                				return 0;
                                                                                                                                			}










                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32 ref: 00402090
                                                                                                                                • GetClientRect.USER32 ref: 0040209E
                                                                                                                                • LoadImageW.USER32 ref: 004020C3
                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020D1
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004020E0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                • Opcode ID: 07140e964752b1a77e4a4a4c96b484fb30a1644eb53f487768257141eb777abf
                                                                                                                                • Instruction ID: 97cf957cfb5a739734192417dfd2d1df3453d0613f0d43872e7401a7b1983ca6
                                                                                                                                • Opcode Fuzzy Hash: 07140e964752b1a77e4a4a4c96b484fb30a1644eb53f487768257141eb777abf
                                                                                                                                • Instruction Fuzzy Hash: 22F0FFB2205204BFE304EB74ED89D7BB7ACEB84311F00596AF941E6192D7789D058629
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 68%
                                                                                                                                			E00401F56(void* _a8, struct HWND__* _a12, intOrPtr _a16, struct HWND__* _a20, long _a24, void* _a32, intOrPtr _a36, intOrPtr _a56, signed int _a60) {
                                                                                                                                				void* _v0;
                                                                                                                                				signed char _t24;
                                                                                                                                				void* _t26;
                                                                                                                                				long _t27;
                                                                                                                                				intOrPtr _t28;
                                                                                                                                				int _t32;
                                                                                                                                				signed int _t33;
                                                                                                                                				int _t36;
                                                                                                                                				long _t44;
                                                                                                                                				int _t48;
                                                                                                                                				void* _t49;
                                                                                                                                				long _t51;
                                                                                                                                				int _t53;
                                                                                                                                				void* _t54;
                                                                                                                                				void* _t58;
                                                                                                                                
                                                                                                                                				_t53 = E004032D6(3);
                                                                                                                                				_a20 = _t53;
                                                                                                                                				_t51 = E004032D6(4);
                                                                                                                                				_t24 = _a60;
                                                                                                                                				if((_t24 & 0x00000001) != 0) {
                                                                                                                                					_a16 = E00403312(__edx, 0x33);
                                                                                                                                				}
                                                                                                                                				if((_t24 & 0x00000002) != 0) {
                                                                                                                                					_t51 = E00403312(_t49, 0x44);
                                                                                                                                				}
                                                                                                                                				_push(1);
                                                                                                                                				if(_a36 != 0x21) {
                                                                                                                                					_t54 = E00403312(_t49);
                                                                                                                                					_t26 = E00403312(_t49);
                                                                                                                                					_t41 =  !=  ? _t26 : 0;
                                                                                                                                					_t43 =  !=  ? _t54 : 0;
                                                                                                                                					_t27 = FindWindowExW(_a12, _t51,  !=  ? _t54 : 0,  !=  ? _t26 : 0); // executed
                                                                                                                                					goto L11;
                                                                                                                                				} else {
                                                                                                                                					_a20 = E004032D6();
                                                                                                                                					_t32 = E004032D6(2);
                                                                                                                                					_t48 = _a60 >> 2;
                                                                                                                                					if(_t48 == 0) {
                                                                                                                                						_t27 = SendMessageW(_a20, _t32, _t53, _t51); // executed
                                                                                                                                						L11:
                                                                                                                                						_t44 = _t27;
                                                                                                                                						_t28 = _a16;
                                                                                                                                						_a24 = _t44;
                                                                                                                                					} else {
                                                                                                                                						_t33 = SendMessageTimeoutW(_a20, _t32, _t53, _t51, _t36, _t48,  &_a24);
                                                                                                                                						_t44 = _a24;
                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                						_t28 =  ~_t33 + 1;
                                                                                                                                						_a16 = _t28;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t58 + 0x28)) >= _t36) {
                                                                                                                                					_push(_t44);
                                                                                                                                					E00406A5B();
                                                                                                                                					_t28 = _a16;
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t28;
                                                                                                                                				return 0;
                                                                                                                                			}



















                                                                                                                                APIs
                                                                                                                                • SendMessageTimeoutW.USER32 ref: 00401FC8
                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00401FE4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                • String ID: !
                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                • Opcode ID: a3bd7d433c32ce287ba494f10bf25181f229a497ab97196acf3524c802a1f869
                                                                                                                                • Instruction ID: 2d82db8dfbdff4f0a56f0078a1b1f8ecdcbfdc223d8adcab1c37f69162ed3c6d
                                                                                                                                • Opcode Fuzzy Hash: a3bd7d433c32ce287ba494f10bf25181f229a497ab97196acf3524c802a1f869
                                                                                                                                • Instruction Fuzzy Hash: 7621D171608301AFD718DF719856A2B7BE8FBC4755F00093EF985E62E1EA788E01C75A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 79%
                                                                                                                                			E00402688(intOrPtr _a12, void* _a32, void* _a60, void* _a68, void* _a72, struct _SHFILEOPSTRUCTW _a76, void* _a80, intOrPtr _a84, void* _a94) {
                                                                                                                                				void* _v12;
                                                                                                                                				WCHAR* _t19;
                                                                                                                                				int _t28;
                                                                                                                                				intOrPtr _t29;
                                                                                                                                				WCHAR* _t33;
                                                                                                                                				void* _t36;
                                                                                                                                				WCHAR* _t37;
                                                                                                                                				WCHAR* _t39;
                                                                                                                                				WCHAR* _t41;
                                                                                                                                				void* _t43;
                                                                                                                                				void* _t44;
                                                                                                                                
                                                                                                                                				_t39 = E00403312(_t36);
                                                                                                                                				_t37 = E00403312(_t36);
                                                                                                                                				_t19 = E00403312(_t36, 0x23);
                                                                                                                                				_push(_t37);
                                                                                                                                				_t41 = _t19;
                                                                                                                                				E00406AF2(L"CopyFiles \"%s\"->\"%s\"", _t39);
                                                                                                                                				_t44 = _t43 + 0xc;
                                                                                                                                				if(E00406A15(_t39) != 0) {
                                                                                                                                					_a84 =  *((intOrPtr*)(_t44 + 0x1c));
                                                                                                                                					 *((intOrPtr*)(_t44 + 0x5c)) = 2;
                                                                                                                                					 *((short*)(_t39 + 2 + lstrlenW(_t39) * 2)) = 0;
                                                                                                                                					 *((short*)(_t37 + 2 + lstrlenW(_t37) * 2)) = 0;
                                                                                                                                					 *(_t44 + 0x64) = _t39;
                                                                                                                                					 *(_t44 + 0x68) = _t37;
                                                                                                                                					 *((intOrPtr*)(_t44 + 0x76)) = _t41;
                                                                                                                                					 *((short*)(_t44 + 0x6c)) =  *((intOrPtr*)(_t44 + 0x38));
                                                                                                                                					E00405F97(_t33, _t41);
                                                                                                                                					_t28 = SHFileOperationW( &_a76); // executed
                                                                                                                                					if(_t28 == 0) {
                                                                                                                                						_t29 = _a12;
                                                                                                                                					} else {
                                                                                                                                						goto L2;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					L2:
                                                                                                                                					E00405F97(0xfffffff9, _t33);
                                                                                                                                					_t29 = 1;
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t29;
                                                                                                                                				return 0;
                                                                                                                                			}















                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                  • Part of subcall function 00406A15: FindFirstFileW.KERNEL32(00000000,0046B1C0,00000000,00406ABC,00465DC0), ref: 00406A20
                                                                                                                                  • Part of subcall function 00406A15: FindClose.KERNEL32(00000000), ref: 00406A2C
                                                                                                                                • lstrlenW.KERNEL32 ref: 004026D9
                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 004026E6
                                                                                                                                • SHFileOperationW.SHELL32(?,?,00000000,00000000), ref: 00402714
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                • String ID: CopyFiles "%s"->"%s"
                                                                                                                                • API String ID: 2577523808-3778932970
                                                                                                                                • Opcode ID: 93778fea2ccfb4fd32962c396e087ca9acb0c8bfe37b6f5710ab964eaa75e7a6
                                                                                                                                • Instruction ID: 8a5daabe17e7f8d1258bdb6c9608c155ad5f8d3d4391e60122464165368d5e64
                                                                                                                                • Opcode Fuzzy Hash: 93778fea2ccfb4fd32962c396e087ca9acb0c8bfe37b6f5710ab964eaa75e7a6
                                                                                                                                • Instruction Fuzzy Hash: EC11A7715083005AD614FFB6984695BBBECEF80314F50483FB801E32D2EA7DC8008B5E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405A7D
                                                                                                                                  • Part of subcall function 004056CC: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004056DE
                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 00405ACB
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                  • Part of subcall function 004013AF: MulDiv.KERNEL32(?,00007530,00000000), ref: 0040140F
                                                                                                                                  • Part of subcall function 004013AF: SendMessageW.USER32(?,00000402,00000000), ref: 0040141F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$InitializeUninitializelstrlenwvsprintf
                                                                                                                                • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                • API String ID: 1071265899-4211696005
                                                                                                                                • Opcode ID: fb429de031b44d7e017d105a40d97140543c774c3e92a5729a110274f27c9e3d
                                                                                                                                • Instruction ID: b25b9d2483b45665cdcec61a081fd49f98bef3c17c861995bb64d74624100489
                                                                                                                                • Opcode Fuzzy Hash: fb429de031b44d7e017d105a40d97140543c774c3e92a5729a110274f27c9e3d
                                                                                                                                • Instruction Fuzzy Hash: C8F0D1332447106BF210A799AC06B1A77A8DB84310F1986BFFA48721F39BBD0C418E6D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406FC4(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                				intOrPtr _v8;
                                                                                                                                				short _v12;
                                                                                                                                				short _t12;
                                                                                                                                				intOrPtr _t13;
                                                                                                                                				signed int _t14;
                                                                                                                                				WCHAR* _t17;
                                                                                                                                				signed int _t19;
                                                                                                                                				void* _t23;
                                                                                                                                				WCHAR* _t26;
                                                                                                                                
                                                                                                                                				_t26 = _a4;
                                                                                                                                				_t23 = 0x64;
                                                                                                                                				while(1) {
                                                                                                                                					_t12 =  *L"nsa"; // 0x73006e
                                                                                                                                					_t23 = _t23 - 1;
                                                                                                                                					_v12 = _t12;
                                                                                                                                					_t13 =  *0x40a90c; // 0x61
                                                                                                                                					_v8 = _t13;
                                                                                                                                					_t14 = GetTickCount();
                                                                                                                                					_t19 = 0x1a;
                                                                                                                                					_v8 = _v8 + _t14 % _t19;
                                                                                                                                					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                                                                                                					if(_t17 != 0) {
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					if(_t23 != 0) {
                                                                                                                                						continue;
                                                                                                                                					} else {
                                                                                                                                						 *_t26 = _t17;
                                                                                                                                					}
                                                                                                                                					L5:
                                                                                                                                					return _t17;
                                                                                                                                				}
                                                                                                                                				_t17 = _t26;
                                                                                                                                				goto L5;
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                • GetTickCount.KERNEL32 ref: 00406FE2
                                                                                                                                • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403ECF,004DF000,004E3000,004E3000,004E3000,004E3000,004E3000,74B5FAA0,00403BCB), ref: 00406FFD
                                                                                                                                Strings
                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406FCD
                                                                                                                                • nsa, xrefs: 00406FD1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                • String ID: Error writing temporary file. Make sure your temp folder is valid.$nsa
                                                                                                                                • API String ID: 1716503409-2328487245
                                                                                                                                • Opcode ID: f6bbebb65fd0e4a0750510143cd047bc26f7a60ba2352dd4a81f34137c2f95f6
                                                                                                                                • Instruction ID: 302766e2392910f1ce2bb943fea939c8414eeace5a643cc032b4c22e34880b53
                                                                                                                                • Opcode Fuzzy Hash: f6bbebb65fd0e4a0750510143cd047bc26f7a60ba2352dd4a81f34137c2f95f6
                                                                                                                                • Instruction Fuzzy Hash: 6EF0FA32B01208BBDB00CF98EC05EAAB7B9EF90750F10853BFA00E7250E2B0AD509759
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406E4E(signed int _a4) {
                                                                                                                                				struct HINSTANCE__* _t6;
                                                                                                                                				signed int _t8;
                                                                                                                                
                                                                                                                                				_t8 = _a4;
                                                                                                                                				_t9 =  *(0x40c030 + _t8 * 8);
                                                                                                                                				_t6 = GetModuleHandleA( *(0x40c030 + _t8 * 8));
                                                                                                                                				if(_t6 != 0) {
                                                                                                                                					L2:
                                                                                                                                					return GetProcAddress(_t6,  *(0x40c034 + _t8 * 8));
                                                                                                                                				}
                                                                                                                                				_t6 = E0040643F(_t9); // executed
                                                                                                                                				if(_t6 != 0) {
                                                                                                                                					goto L2;
                                                                                                                                				}
                                                                                                                                				return _t6;
                                                                                                                                			}






                                                                                                                                APIs
                                                                                                                                • GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,00403A5A,0000000A), ref: 00406E5C
                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00406E78
                                                                                                                                  • Part of subcall function 0040643F: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406456
                                                                                                                                  • Part of subcall function 0040643F: wsprintfW.USER32 ref: 00406490
                                                                                                                                  • Part of subcall function 0040643F: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004064A4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                • String ID: Error writing temporary file. Make sure your temp folder is valid.$UXTHEME
                                                                                                                                • API String ID: 2547128583-890815371
                                                                                                                                • Opcode ID: 5a46a55dc2b91cb41c13fd632bb1bc39e765edf7029a39d0ccab2df4d40d6d24
                                                                                                                                • Instruction ID: af0efe623cbdf0422213fedede3ff340b6680b92a265043c2adfbac95d65e0a3
                                                                                                                                • Opcode Fuzzy Hash: 5a46a55dc2b91cb41c13fd632bb1bc39e765edf7029a39d0ccab2df4d40d6d24
                                                                                                                                • Instruction Fuzzy Hash: 4FD01235501121D6C7011BA6ED0495B776EAE652507054036F501B2171E734D911D5FC
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0040609B(WCHAR* _a4) {
                                                                                                                                				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                                				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                                				short _t17;
                                                                                                                                				int _t21;
                                                                                                                                				long _t23;
                                                                                                                                
                                                                                                                                				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                                				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                                				_t17 = 4;
                                                                                                                                				_v36.Control = _t17;
                                                                                                                                				_v36.Owner = 0x40a6ec;
                                                                                                                                				_v36.Group = 0x40a6ec;
                                                                                                                                				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                                				_v36.Revision = 1;
                                                                                                                                				_v36.Dacl = 0x40a6dc;
                                                                                                                                				_v16.nLength = 0xc;
                                                                                                                                				_t21 = CreateDirectoryW(_a4,  &_v16); // executed
                                                                                                                                				if(_t21 != 0) {
                                                                                                                                					L3:
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				_t23 = GetLastError();
                                                                                                                                				if(_t23 == 0xb7) {
                                                                                                                                					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) == 0) {
                                                                                                                                						return GetLastError();
                                                                                                                                					}
                                                                                                                                					goto L3;
                                                                                                                                				}
                                                                                                                                				return _t23;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • CreateDirectoryW.KERNEL32(0000005C,00000000), ref: 004060DC
                                                                                                                                • GetLastError.KERNEL32 ref: 004060E6
                                                                                                                                • SetFileSecurityW.ADVAPI32(0000005C,80000007,00000001), ref: 004060FF
                                                                                                                                • GetLastError.KERNEL32 ref: 0040610D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3449924974-0
                                                                                                                                • Opcode ID: 40516f1b43776cfac3ed7a4c660912a2830b50cfcd536d416bac74a740ef6bc8
                                                                                                                                • Instruction ID: dd616da51c0f6b62ccde46ec1152c090e49335f75aa4fdeb851eecc73c823a8d
                                                                                                                                • Opcode Fuzzy Hash: 40516f1b43776cfac3ed7a4c660912a2830b50cfcd536d416bac74a740ef6bc8
                                                                                                                                • Instruction Fuzzy Hash: 98011E71D00209DFEF109FA0D8487EEBBB4EF14311F108436D945FA252E7788A649B99
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 004021A1
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 004021AC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                • String ID: HideWindow
                                                                                                                                • API String ID: 1249568736-780306582
                                                                                                                                • Opcode ID: 800f6a955b975e7c27d67353ed81b313f7b5d0025624ee925a7c34a13783cd29
                                                                                                                                • Instruction ID: e20829db001a67b9f24be73955a3cf23c9c75e69235d3d2ecd07c6cd1a54c126
                                                                                                                                • Opcode Fuzzy Hash: 800f6a955b975e7c27d67353ed81b313f7b5d0025624ee925a7c34a13783cd29
                                                                                                                                • Instruction Fuzzy Hash: E7E0E5326083509BD604AFF5B84995677A8EB80322F20057FF101B91C2EABD5D41861E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 40%
                                                                                                                                			E004069CB(void* __eflags, WCHAR* _a4, signed int _a8) {
                                                                                                                                				int _t12;
                                                                                                                                				long _t16;
                                                                                                                                
                                                                                                                                				_t16 = E004070FB(_a4);
                                                                                                                                				if(_t16 == 0xffffffff) {
                                                                                                                                					L8:
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				_push(_a4);
                                                                                                                                				if((_a8 & 0x00000001) == 0) {
                                                                                                                                					_t12 = DeleteFileW(); // executed
                                                                                                                                				} else {
                                                                                                                                					_t12 = RemoveDirectoryW(); // executed
                                                                                                                                				}
                                                                                                                                				if(_t12 == 0) {
                                                                                                                                					if((_a8 & 0x00000004) == 0) {
                                                                                                                                						SetFileAttributesW(_a4, _t16);
                                                                                                                                					}
                                                                                                                                					goto L8;
                                                                                                                                				} else {
                                                                                                                                					return 1;
                                                                                                                                				}
                                                                                                                                			}






                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 004070FB: GetFileAttributesW.KERNEL32(?,?,004069D7,?,?,00000000,00406DFE,?,?,?,?), ref: 00407100
                                                                                                                                  • Part of subcall function 004070FB: SetFileAttributesW.KERNEL32(?,00000000), ref: 00407117
                                                                                                                                • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00406DFE,?,?,?,?), ref: 004069E7
                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000000,00406DFE,?,?,?,?), ref: 004069F6
                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406A08
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1655745494-0
                                                                                                                                • Opcode ID: aca4902af5eac4f073c28acbf5917b454f199fdf358b98ea9b346db729df96aa
                                                                                                                                • Instruction ID: eeb0e424ec32b210ea7ce3b2ac66af52719b061450ca00eea480e2392caabcc8
                                                                                                                                • Opcode Fuzzy Hash: aca4902af5eac4f073c28acbf5917b454f199fdf358b98ea9b346db729df96aa
                                                                                                                                • Instruction Fuzzy Hash: 1EF0A03120418876DB102B36DD08A1B3FA9AB82364F06C536FC57B80E1D739CC72EE28
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00405B7F(int _a4) {
                                                                                                                                				long _t3;
                                                                                                                                
                                                                                                                                				if(_a4 == 0x78) {
                                                                                                                                					 *0x47620c =  *0x47620c + 1;
                                                                                                                                				}
                                                                                                                                				_t3 = SendMessageW( *0x47621c, 0x408, _a4, 0); // executed
                                                                                                                                				return _t3;
                                                                                                                                			}





                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000408,?,00000000,004052CE), ref: 00405B9D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID: x
                                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 88%
                                                                                                                                			E00402A54() {
                                                                                                                                				int* __ebx;
                                                                                                                                				void* _t16;
                                                                                                                                				void* _t22;
                                                                                                                                				void* _t24;
                                                                                                                                				short* _t28;
                                                                                                                                				void* _t32;
                                                                                                                                
                                                                                                                                				_t16 = E00403395(_t22, _t24, _t32, 0x20019); // executed
                                                                                                                                				E00403312(_t24, 0x33);
                                                                                                                                				 *_t28 = 0;
                                                                                                                                				if(_t16 != 0) {
                                                                                                                                					__ecx = __esp + 0x54;
                                                                                                                                					 *(__esp + 0x54) = 0x4000;
                                                                                                                                					__ecx = __esp + 0x20;
                                                                                                                                					__eax = RegQueryValueExW(__esi, __eax, __ebx, __esp + 0x20, __ebp, __esp + 0x54);
                                                                                                                                					__edi = 0;
                                                                                                                                					__edi = 1;
                                                                                                                                					__eflags = __eax;
                                                                                                                                					if(__eax != 0) {
                                                                                                                                						L10:
                                                                                                                                						__eax = 0;
                                                                                                                                						__eflags = 0;
                                                                                                                                						 *(__esp + 0x10) = __edi;
                                                                                                                                						 *__ebp = __ax;
                                                                                                                                					} else {
                                                                                                                                						__eflags =  *(__esp + 0x18) - 4;
                                                                                                                                						if( *(__esp + 0x18) == 4) {
                                                                                                                                							__eax = 0;
                                                                                                                                							__eflags =  *(__esp + 0x3c);
                                                                                                                                							__eax = 0 | __eflags == 0x00000000;
                                                                                                                                							 *(__esp + 0x18) = __eflags == 0;
                                                                                                                                							__eax = E00406A5B(__ebp,  *__ebp);
                                                                                                                                						} else {
                                                                                                                                							__eflags =  *(__esp + 0x18) - 1;
                                                                                                                                							if( *(__esp + 0x18) == 1) {
                                                                                                                                								L7:
                                                                                                                                								__eax =  *(__esp + 0x38);
                                                                                                                                								 *(__esp + 0x10) =  *(__esp + 0x38);
                                                                                                                                								__eax = 0;
                                                                                                                                								__ebp[0x3ffe] = __ax;
                                                                                                                                							} else {
                                                                                                                                								__eflags =  *(__esp + 0x18) - 2;
                                                                                                                                								if( *(__esp + 0x18) != 2) {
                                                                                                                                									goto L10;
                                                                                                                                								} else {
                                                                                                                                									goto L7;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					_push(__esi);
                                                                                                                                					__eax = RegCloseKey();
                                                                                                                                					__eax =  *(__esp + 0x10);
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + 1;
                                                                                                                                				return 0;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402A35
                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 00402A8B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3356406503-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 95%
                                                                                                                                			E004013AF(signed int _a4) {
                                                                                                                                				intOrPtr* _t6;
                                                                                                                                				signed int _t10;
                                                                                                                                				int _t12;
                                                                                                                                				void* _t16;
                                                                                                                                				signed int _t17;
                                                                                                                                				void* _t18;
                                                                                                                                				signed int _t20;
                                                                                                                                				void* _t21;
                                                                                                                                
                                                                                                                                				_t20 = _a4;
                                                                                                                                				if(_t20 < 0) {
                                                                                                                                					L10:
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				while(1) {
                                                                                                                                					_t6 =  *0x47e250 + _t20 * 0x1c;
                                                                                                                                					if( *_t6 == 1) {
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                					_push(_t6);
                                                                                                                                					if(E004014FA() == 0x7fffffff) {
                                                                                                                                						return 0x7fffffff;
                                                                                                                                					}
                                                                                                                                					_t16 = E004033D3(_t7);
                                                                                                                                					if(_t16 != 0) {
                                                                                                                                						_t17 = _t16 - 1;
                                                                                                                                						_t10 = _t20;
                                                                                                                                						_t20 = _t17;
                                                                                                                                						_t18 = _t17 - _t10;
                                                                                                                                					} else {
                                                                                                                                						_t18 = _t16 + 1;
                                                                                                                                						_t20 = _t20 + 1;
                                                                                                                                					}
                                                                                                                                					if( *((intOrPtr*)(_t21 + 0x10)) != 0) {
                                                                                                                                						_t12 =  *0x4761f0 + _t18;
                                                                                                                                						 *0x4761f0 = _t12;
                                                                                                                                						SendMessageW( *(_t21 + 0x1c), 0x402, MulDiv(_t12, 0x7530,  *0x4761ec), 0); // executed
                                                                                                                                					}
                                                                                                                                					if(_t20 >= 0) {
                                                                                                                                						continue;
                                                                                                                                					} else {
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				goto L10;
                                                                                                                                			}











                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00401427
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • MulDiv.KERNEL32(?,00007530,00000000), ref: 0040140F
                                                                                                                                • SendMessageW.USER32(?,00000402,00000000), ref: 0040141F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                • Opcode ID: 52ebc0432da9b53e6316f26f551c9a6290d634ff1b79d94c8e7a103f75870387
                                                                                                                                • Instruction ID: 160fafaa023b5f0b90bdab632d174374853bda6cb1055e9312e6505016e26a98
                                                                                                                                • Opcode Fuzzy Hash: 52ebc0432da9b53e6316f26f551c9a6290d634ff1b79d94c8e7a103f75870387
                                                                                                                                • Instruction Fuzzy Hash: 3301F232B142219BDB099F68EC09B6A3699E744715F55063EF901FB2F1D6B8DC80879C
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 53%
                                                                                                                                			E00406A74(void* __eflags, intOrPtr _a4) {
                                                                                                                                				int _t11;
                                                                                                                                				signed char* _t12;
                                                                                                                                				long _t16;
                                                                                                                                				signed int _t18;
                                                                                                                                				signed short* _t22;
                                                                                                                                				signed int _t24;
                                                                                                                                
                                                                                                                                				E0040708C(0x465dc0, _a4);
                                                                                                                                				_t22 = E00407123(0x465dc0);
                                                                                                                                				if(_t22 != 0) {
                                                                                                                                					E00407252(_t22);
                                                                                                                                					if(( *0x47e22c & 0x00000080) == 0) {
                                                                                                                                						L5:
                                                                                                                                						_t24 = _t22 - 0x465dc0 >> 1;
                                                                                                                                						while(1) {
                                                                                                                                							_t11 = lstrlenW(0x465dc0);
                                                                                                                                							_push(0x465dc0);
                                                                                                                                							if(_t11 <= _t24) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							_t12 = E00406A15();
                                                                                                                                							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                                								E00407225(0x465dc0);
                                                                                                                                								continue;
                                                                                                                                							} else {
                                                                                                                                								goto L1;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						E0040699C();
                                                                                                                                						_t16 = GetFileAttributesW(??); // executed
                                                                                                                                						return 0 | _t16 != 0xffffffff;
                                                                                                                                					}
                                                                                                                                					_t18 =  *_t22 & 0x0000ffff;
                                                                                                                                					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                                						goto L1;
                                                                                                                                					} else {
                                                                                                                                						goto L5;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				L1:
                                                                                                                                				return 0;
                                                                                                                                			}










                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 0040708C: lstrcpynW.KERNEL32(?,?,00002000,00403ABD,00476220,NSIS Error), ref: 00407099
                                                                                                                                  • Part of subcall function 00407123: CharNextW.USER32(Gl@,?,?,00000000,00465DC0,00406A8B,00465DC0,00465DC0,00000000,?,?,00406C47,?,00000000,74B5FAA0,?), ref: 00407132
                                                                                                                                  • Part of subcall function 00407123: CharNextW.USER32(00000000), ref: 00407137
                                                                                                                                  • Part of subcall function 00407123: CharNextW.USER32(00000000), ref: 00407151
                                                                                                                                • lstrlenW.KERNEL32(00465DC0,00000000,00465DC0,00465DC0,00000000,?,?,00406C47,?,00000000,74B5FAA0,?), ref: 00406ACC
                                                                                                                                • GetFileAttributesW.KERNEL32(00465DC0,00465DC0), ref: 00406ADD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3248276644-0
                                                                                                                                • Opcode ID: 076f837751300d3b4b15e1ef00c1c20903c11d4f16ee82a4b051c62f24a5003c
                                                                                                                                • Instruction ID: cbf0e0b3d9fe97b20f5cf4fce909e2c6fe2bb96b07ed7f1d42f4d058cad95505
                                                                                                                                • Opcode Fuzzy Hash: 076f837751300d3b4b15e1ef00c1c20903c11d4f16ee82a4b051c62f24a5003c
                                                                                                                                • Instruction Fuzzy Hash: C4F0F4B17083221AC6213B7A1D8962F155C4F06364717DA7BBC93B12D3DA3CEC6089BD
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 82%
                                                                                                                                			E0040314A(struct HWND__* __edx, signed int __edi, intOrPtr _a16, struct HWND__* _a28, intOrPtr _a40) {
                                                                                                                                				intOrPtr _t7;
                                                                                                                                				RECT* _t11;
                                                                                                                                
                                                                                                                                				SendMessageW(__edx, 0xb,  *0x441d40 & __edi, ??); // executed
                                                                                                                                				if(_a40 != _t11) {
                                                                                                                                					InvalidateRect(_a28, _t11, _t11);
                                                                                                                                				}
                                                                                                                                				_t7 = _a16;
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t7;
                                                                                                                                				return 0;
                                                                                                                                			}






                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,0000000B,?), ref: 00403156
                                                                                                                                • InvalidateRect.USER32(?,?,?,?,0000000B,?), ref: 00403169
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InvalidateMessageRectSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 909852535-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00403F0E() {
                                                                                                                                				void* _t2;
                                                                                                                                				void* _t3;
                                                                                                                                				void* _t5;
                                                                                                                                				void* _t7;
                                                                                                                                
                                                                                                                                				_t5 =  *0x441d38;
                                                                                                                                				_t3 = E00403EF3(_t2, 0);
                                                                                                                                				if(_t5 != 0) {
                                                                                                                                					do {
                                                                                                                                						_t7 = _t5;
                                                                                                                                						_t5 =  *_t5;
                                                                                                                                						FreeLibrary( *(_t7 + 8)); // executed
                                                                                                                                						_t3 = GlobalFree(_t7);
                                                                                                                                					} while (_t5 != 0);
                                                                                                                                				}
                                                                                                                                				 *0x441d38 =  *0x441d38 & 0x00000000;
                                                                                                                                				return _t3;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • FreeLibrary.KERNEL32(?,74B5FAA0,00000000,00000000,004039E0,00403DDE,00000000), ref: 00403F28
                                                                                                                                • GlobalFree.KERNEL32 ref: 00403F2F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1100898210-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004070FB(WCHAR* _a4) {
                                                                                                                                				signed int _t3;
                                                                                                                                				signed int _t8;
                                                                                                                                
                                                                                                                                				_t3 = GetFileAttributesW(_a4); // executed
                                                                                                                                				_t8 = _t3;
                                                                                                                                				if(_t8 != 0xffffffff) {
                                                                                                                                					SetFileAttributesW(_a4, _t8 & 0xfffffffe); // executed
                                                                                                                                				}
                                                                                                                                				return _t8;
                                                                                                                                			}






                                                                                                                                APIs
                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,004069D7,?,?,00000000,00406DFE,?,?,?,?), ref: 00407100
                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00407117
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AttributesFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406E83(WCHAR* _a4, long _a8, long _a12) {
                                                                                                                                				long _t5;
                                                                                                                                				void* _t7;
                                                                                                                                
                                                                                                                                				_t5 = GetFileAttributesW(_a4); // executed
                                                                                                                                				_t6 =  ==  ? 0 : _t5;
                                                                                                                                				_t7 = CreateFileW(_a4, _a8, 1, 0, _a12,  ==  ? 0 : _t5, 0); // executed
                                                                                                                                				return _t7;
                                                                                                                                			}






                                                                                                                                APIs
                                                                                                                                • GetFileAttributesW.KERNEL32(00000003,00403719,004EB000,80000000,00000003,?,?,?,00403C38,00000000), ref: 00406E87
                                                                                                                                • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000000,00000000,?,?,?,00403C38,00000000), ref: 00406EA7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 415043291-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0040607B(WCHAR* _a4) {
                                                                                                                                				int _t2;
                                                                                                                                				long _t5;
                                                                                                                                
                                                                                                                                				_t5 = 0;
                                                                                                                                				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                                                                                                				if(_t2 == 0) {
                                                                                                                                					_t5 = GetLastError();
                                                                                                                                				}
                                                                                                                                				return _t5;
                                                                                                                                			}






                                                                                                                                APIs
                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,004E3000,00403EC4,004E3000,004E3000,004E3000,004E3000,74B5FAA0,00403BCB), ref: 00406083
                                                                                                                                • GetLastError.KERNEL32 ref: 0040608D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                • Opcode ID: 02cda65bdb9d3310b09ed0a7edec5c5b8f41f272293186ee49502f132f3fada8
                                                                                                                                • Instruction ID: ad78f5cf3f8e609bfdd326041cf5a844afca19a21cb8ab4464c5fc49ef0fbdc4
                                                                                                                                • Opcode Fuzzy Hash: 02cda65bdb9d3310b09ed0a7edec5c5b8f41f272293186ee49502f132f3fada8
                                                                                                                                • Instruction Fuzzy Hash: 8FC012322010305BC7216B76AC0CA8BAE98AB157A1302813AFA49E2220D2308C208AE8
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E03271489(WCHAR* _a4) {
                                                                                                                                				void* _t5;
                                                                                                                                				void* _t8;
                                                                                                                                				void** _t13;
                                                                                                                                				void* _t15;
                                                                                                                                
                                                                                                                                				if( *0x3273000 != 0) {
                                                                                                                                					_t6 =  *0x3273004;
                                                                                                                                					_t8 = GlobalAlloc(0x40,  *0x3273004 + _t6 + 8); // executed
                                                                                                                                					_t15 = _t8;
                                                                                                                                					_t4 = _t15 + 4; // 0x4
                                                                                                                                					lstrcpynW(_t4, _a4,  *0x3273004);
                                                                                                                                					 *_t15 =  *( *0x3273000);
                                                                                                                                					_t13 =  *0x3273000;
                                                                                                                                					 *_t13 = _t15;
                                                                                                                                					return _t13;
                                                                                                                                				}
                                                                                                                                				return _t5;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,03273020,032714FC,?), ref: 0327149F
                                                                                                                                • lstrcpynW.KERNEL32(00000004,?), ref: 032714B5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.456509856.0000000003271000.00000020.00020000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_3270000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocGloballstrcpyn
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3204721840-0
                                                                                                                                • Opcode ID: ca3c61c2d5a280a97dad97a4214de27dda973c654d2e7ba8f1e8453c23267bfa
                                                                                                                                • Instruction ID: e6d57847d9015605d85cd3cc4bf0fc90e6cb945bd5a53de14968b8d716037ca1
                                                                                                                                • Opcode Fuzzy Hash: ca3c61c2d5a280a97dad97a4214de27dda973c654d2e7ba8f1e8453c23267bfa
                                                                                                                                • Instruction Fuzzy Hash: B7F0AE7A100211DFC311EF54F848E91BBE8FB18310B008815EB89C7228C330A844EFA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406F77(void* __ecx, void* _a4, void* _a8, long _a12) {
                                                                                                                                				long _v8;
                                                                                                                                				int _t7;
                                                                                                                                				long _t11;
                                                                                                                                				struct _OVERLAPPED* _t14;
                                                                                                                                
                                                                                                                                				_t11 = _a12;
                                                                                                                                				_t14 = 0;
                                                                                                                                				_t7 = WriteFile(_a4, _a8, _t11,  &_v8, 0); // executed
                                                                                                                                				if(_t7 != 0 && _t11 == _v8) {
                                                                                                                                					_t14 = 1;
                                                                                                                                				}
                                                                                                                                				return _t14;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • WriteFile.KERNEL32(00000000,00000000,00000004,00000000,00000000,?,00000000,?,00431D38,00403641,?,00431D38,?,00431D38,?,00000000), ref: 00406F8E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                • Opcode ID: 1fed692cac5ed97e4b13f26d2b19e0917e6baf3ad09257ff057aaa7e064908c6
                                                                                                                                • Instruction ID: 9a02dc1e946df7b7b5f1f396b93d0bb2b794330ac47f964ad752c19371f137fe
                                                                                                                                • Opcode Fuzzy Hash: 1fed692cac5ed97e4b13f26d2b19e0917e6baf3ad09257ff057aaa7e064908c6
                                                                                                                                • Instruction Fuzzy Hash: 2DE04F32200019BBCB208F8ADC04DDFFF6CEF516A17014067FC04A2110D271AD21D6F4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406EB0(void* __ecx, void* _a4, void* _a8, long _a12) {
                                                                                                                                				long _v8;
                                                                                                                                				int _t7;
                                                                                                                                				long _t11;
                                                                                                                                				struct _OVERLAPPED* _t14;
                                                                                                                                
                                                                                                                                				_t11 = _a12;
                                                                                                                                				_t14 = 0;
                                                                                                                                				_t7 = ReadFile(_a4, _a8, _t11,  &_v8, 0); // executed
                                                                                                                                				if(_t7 != 0 && _t11 == _v8) {
                                                                                                                                					_t14 = 1;
                                                                                                                                				}
                                                                                                                                				return _t14;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000004,00000000,00000000,?,00000000,?,00000000,00403488,00000004,00000004,00000000,00000000,00000000), ref: 00406EC7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406550(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                                                                				void* _t7;
                                                                                                                                				long _t8;
                                                                                                                                				void* _t9;
                                                                                                                                
                                                                                                                                				_t7 = E004063C0(_a4,  &_a12);
                                                                                                                                				if(_t7 != 0) {
                                                                                                                                					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                                                                					return _t8;
                                                                                                                                				}
                                                                                                                                				_t9 = 6;
                                                                                                                                				return _t9;
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,00000000,004028EC,00000000,?,00000000), ref: 00406579
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406583(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                                                                				void* _t7;
                                                                                                                                				long _t8;
                                                                                                                                				void* _t9;
                                                                                                                                
                                                                                                                                				_t7 = E004063C0(_a4,  &_a12);
                                                                                                                                				if(_t7 != 0) {
                                                                                                                                					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
                                                                                                                                					return _t8;
                                                                                                                                				}
                                                                                                                                				_t9 = 6;
                                                                                                                                				return _t9;
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • RegOpenKeyExW.KERNEL32(00000000,?,00000000,?,?,00004000,?,?,00406F0F,00004000,?,?,?,Delete on reboot: ,?,?), ref: 004065A7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Open
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 71445658-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 64%
                                                                                                                                			E004064E0(WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                				int _t5;
                                                                                                                                
                                                                                                                                				_t5 = MoveFileExW(_a4, _a8, 5); // executed
                                                                                                                                				if(_t5 == 0) {
                                                                                                                                					_push(_a8);
                                                                                                                                					_push(_a4);
                                                                                                                                					_t5 = E004065B1();
                                                                                                                                				}
                                                                                                                                				 *0x47e2f0 =  *0x47e2f0 + 1;
                                                                                                                                				return _t5;
                                                                                                                                			}





                                                                                                                                APIs
                                                                                                                                • MoveFileExW.KERNEL32(?,?,00000005,00406E24,?,00000000,000000F1,?,?,?,?,?), ref: 004064EA
                                                                                                                                  • Part of subcall function 004065B1: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,00000000,?,?,00406501,?,?), ref: 004065ED
                                                                                                                                  • Part of subcall function 004065B1: GetShortPathNameW.KERNEL32 ref: 004065F6
                                                                                                                                  • Part of subcall function 004065B1: GetShortPathNameW.KERNEL32 ref: 00406613
                                                                                                                                  • Part of subcall function 004065B1: wsprintfA.USER32 ref: 00406631
                                                                                                                                  • Part of subcall function 004065B1: GetFileSize.KERNEL32(00000000,00000000,0046A1C0,C0000000,00000004,0046A1C0,?), ref: 0040666D
                                                                                                                                  • Part of subcall function 004065B1: GlobalAlloc.KERNEL32(00000040,0000000A), ref: 0040667D
                                                                                                                                  • Part of subcall function 004065B1: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004066AD
                                                                                                                                  • Part of subcall function 004065B1: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00469DC0,00000000,-0000000A,0040A928,00000000,[Rename],00000000,00000000,00000000), ref: 004066CD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$NamePathShort$AllocCloseGlobalHandleMovePointerSizelstrcpywsprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1930046112-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004056FE(signed int _a12) {
                                                                                                                                				intOrPtr _v0;
                                                                                                                                				struct HWND__* _v4;
                                                                                                                                				int _t7;
                                                                                                                                
                                                                                                                                				_t7 = SetDlgItemTextW(_v4, _v0 + 0x3e8, E00406119(0, _a12)); // executed
                                                                                                                                				return _t7;
                                                                                                                                			}






                                                                                                                                0x00405718
                                                                                                                                0x0040571d

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ItemText
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3367045223-0
                                                                                                                                • Opcode ID: e3c9570f7dd0483f7d0a85c47b06583f1d6bedb2cd3466fcca52445ff846595f
                                                                                                                                • Instruction ID: 2c32ace9ba247d717688b41e73649552bde697705e366521db9142ffe92aed09
                                                                                                                                • Opcode Fuzzy Hash: e3c9570f7dd0483f7d0a85c47b06583f1d6bedb2cd3466fcca52445ff846595f
                                                                                                                                • Instruction Fuzzy Hash: C7C04C75548200BFD781A755CC42F1FB799AF94319F00C92EB5ACE51D3C63994249A26
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004056CC(int _a4) {
                                                                                                                                				struct HWND__* _t2;
                                                                                                                                				long _t3;
                                                                                                                                
                                                                                                                                				_t2 =  *0x4761fc;
                                                                                                                                				if(_t2 != 0) {
                                                                                                                                					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
                                                                                                                                					return _t3;
                                                                                                                                				}
                                                                                                                                				return _t2;
                                                                                                                                			}





                                                                                                                                0x004056cc
                                                                                                                                0x004056d3
                                                                                                                                0x004056de
                                                                                                                                0x00000000
                                                                                                                                0x004056de
                                                                                                                                0x004056e4

                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004056DE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                • Opcode ID: a949ca6fc9f8db6057086e13981eb98f4eb4552557731d3d3ceaeb015d343af6
                                                                                                                                • Instruction ID: f02a5a6defd810dac877d3f0c2cacf61f449dc28e0e22ed92fb2e181dd1987cf
                                                                                                                                • Opcode Fuzzy Hash: a949ca6fc9f8db6057086e13981eb98f4eb4552557731d3d3ceaeb015d343af6
                                                                                                                                • Instruction Fuzzy Hash: 2FC04C716416017BDA108B619D09F477659A751705F518839B605A51D1C675D410DA1C
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00403418(long _a4) {
                                                                                                                                				long _t2;
                                                                                                                                
                                                                                                                                				_t2 = SetFilePointer( *0x40c010, _a4, 0, 0); // executed
                                                                                                                                				return _t2;
                                                                                                                                			}




                                                                                                                                0x00403426
                                                                                                                                0x0040342c

                                                                                                                                APIs
                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,004038C3,?,?,?,?,00403C38,00000000), ref: 00403426
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FilePointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 973152223-0
                                                                                                                                • Opcode ID: c8d5d00d3f57e2ff0321d8ecab2855edb567daa8ab0e3affe724000b631d9a65
                                                                                                                                • Instruction ID: 5d81d68f941688d05c229b03086e99479c270bae8d51db5bc7a5d701de742ea2
                                                                                                                                • Opcode Fuzzy Hash: c8d5d00d3f57e2ff0321d8ecab2855edb567daa8ab0e3affe724000b631d9a65
                                                                                                                                • Instruction Fuzzy Hash: FDB01231240200FFEA214F40DE09F05BB31B790700F10C430B390780F082711460EB0C
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004056E7(int _a4) {
                                                                                                                                				long _t2;
                                                                                                                                
                                                                                                                                				_t2 = SendMessageW( *0x47621c, 0x28, _a4, 1); // executed
                                                                                                                                				return _t2;
                                                                                                                                			}




                                                                                                                                0x004056f5
                                                                                                                                0x004056fb

                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004054F8), ref: 004056F5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                • Opcode ID: a165e12b5f8d57227796274b901fbdb7d933b0883eecd317107bb9af0eda86da
                                                                                                                                • Instruction ID: 1ac1baf0ad3092c058326b04cc18e13532374508e2af9406e02ed8e901cc920e
                                                                                                                                • Opcode Fuzzy Hash: a165e12b5f8d57227796274b901fbdb7d933b0883eecd317107bb9af0eda86da
                                                                                                                                • Instruction Fuzzy Hash: 07B092392C6600BADA915B40ED09F867A62A7A4701F118464B205240F1C6B204A4DF08
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00405687(int _a4) {
                                                                                                                                				int _t2;
                                                                                                                                
                                                                                                                                				_t2 = EnableWindow( *0x451d54, _a4); // executed
                                                                                                                                				return _t2;
                                                                                                                                			}





                                                                                                                                APIs
                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00405487), ref: 00405691
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Non-executed Functions

                                                                                                                                C-Code - Quality: 96%
                                                                                                                                			E0040464D() {
                                                                                                                                				struct HWND__* _t156;
                                                                                                                                				struct HWND__* _t159;
                                                                                                                                				void* _t160;
                                                                                                                                				void* _t167;
                                                                                                                                				void* _t172;
                                                                                                                                				struct HWND__* _t174;
                                                                                                                                				struct HWND__* _t193;
                                                                                                                                				void* _t195;
                                                                                                                                				void* _t196;
                                                                                                                                				int _t205;
                                                                                                                                				signed int _t210;
                                                                                                                                				signed int _t215;
                                                                                                                                				void* _t222;
                                                                                                                                				void* _t225;
                                                                                                                                				signed char* _t240;
                                                                                                                                				long _t244;
                                                                                                                                				void* _t248;
                                                                                                                                				int _t258;
                                                                                                                                				void* _t259;
                                                                                                                                				intOrPtr _t263;
                                                                                                                                				void* _t264;
                                                                                                                                				signed int _t268;
                                                                                                                                				signed int _t271;
                                                                                                                                				struct HWND__* _t280;
                                                                                                                                				signed int _t282;
                                                                                                                                				signed int _t283;
                                                                                                                                				signed int _t284;
                                                                                                                                				void* _t285;
                                                                                                                                				long _t286;
                                                                                                                                				void* _t287;
                                                                                                                                				int _t289;
                                                                                                                                				signed int _t291;
                                                                                                                                				long _t295;
                                                                                                                                				signed int _t296;
                                                                                                                                				int _t297;
                                                                                                                                				int _t299;
                                                                                                                                				int _t301;
                                                                                                                                				int _t303;
                                                                                                                                				struct HWND__* _t304;
                                                                                                                                				signed int* _t306;
                                                                                                                                				int _t308;
                                                                                                                                				signed char* _t310;
                                                                                                                                				struct HWND__* _t311;
                                                                                                                                				struct HWND__* _t312;
                                                                                                                                				signed int _t314;
                                                                                                                                				long _t316;
                                                                                                                                				void* _t319;
                                                                                                                                				long _t320;
                                                                                                                                				signed int _t321;
                                                                                                                                				struct HWND__* _t322;
                                                                                                                                				int _t324;
                                                                                                                                				struct HWND__* _t325;
                                                                                                                                				struct HWND__* _t327;
                                                                                                                                				struct HWND__* _t329;
                                                                                                                                				void* _t330;
                                                                                                                                
                                                                                                                                				_t311 =  *(_t330 + 0x64);
                                                                                                                                				 *((intOrPtr*)(_t330 + 0x20)) = GetDlgItem(_t311, 0x3f9);
                                                                                                                                				_t156 = GetDlgItem(_t311, 0x408);
                                                                                                                                				_t324 =  *(_t330 + 0x6c);
                                                                                                                                				_t266 = _t156;
                                                                                                                                				_t258 =  *(_t330 + 0x74);
                                                                                                                                				_t289 = 1;
                                                                                                                                				 *(_t330 + 0x14) =  *0x47e248;
                                                                                                                                				 *((intOrPtr*)(_t330 + 0x20)) =  *0x47e230;
                                                                                                                                				_t159 = 0;
                                                                                                                                				 *(_t330 + 0x10) = _t156;
                                                                                                                                				if(_t324 != 0x110) {
                                                                                                                                					L23:
                                                                                                                                					if(_t324 != 0x405) {
                                                                                                                                						_t312 =  *(_t330 + 0x70);
                                                                                                                                					} else {
                                                                                                                                						_t258 = _t289;
                                                                                                                                						_t324 = _t324 + 0xa;
                                                                                                                                						_t312 = _t159;
                                                                                                                                						 *(_t330 + 0x74) = _t258;
                                                                                                                                						 *(_t330 + 0x6c) = _t324;
                                                                                                                                					}
                                                                                                                                					 *(_t330 + 0x70) = _t312;
                                                                                                                                					if(_t324 == 0x4e || _t324 == 0x413) {
                                                                                                                                						_t299 = _t258;
                                                                                                                                						if(_t324 == 0x413 ||  *((intOrPtr*)(_t258 + 4)) == 0x408) {
                                                                                                                                							if(( *0x47e22c & 0x00000200) == 0 && (_t324 == 0x413 ||  *((intOrPtr*)(_t258 + 8)) == 0xfffffffe)) {
                                                                                                                                								_t215 = E004058C9(_t266, 0 | _t324 != 0x00000413);
                                                                                                                                								 *(_t330 + 0x28) = _t215;
                                                                                                                                								if(_t215 >= 0) {
                                                                                                                                									_t296 = _t215 * 0x4018;
                                                                                                                                									_t282 = ( *(_t330 + 0x14) + 8)[_t296];
                                                                                                                                									if((_t282 & 0x00000010) == 0) {
                                                                                                                                										if((_t282 & 0x00000040) == 0) {
                                                                                                                                											_t283 = _t282 ^ 0x00000001;
                                                                                                                                										} else {
                                                                                                                                											_t284 = _t282 ^ 0x00000080;
                                                                                                                                											if(_t284 >= 0) {
                                                                                                                                												_t283 = _t284 & 0xfffffffe;
                                                                                                                                											} else {
                                                                                                                                												_t283 = _t284 | 0x00000001;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										( *(_t330 + 0x14) + 8)[_t296] = _t283;
                                                                                                                                										E0040122B(_t215);
                                                                                                                                										_t312 =  *(_t330 + 0x28) + 1;
                                                                                                                                										 *(_t330 + 0x70) = _t312;
                                                                                                                                										_t258 =  !( *0x47e22c >> 8) & 1;
                                                                                                                                										_t324 = 0x40f;
                                                                                                                                										 *(_t330 + 0x74) = _t258;
                                                                                                                                										 *(_t330 + 0x6c) = 0x40f;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							if(_t299 != 0) {
                                                                                                                                								if( *((intOrPtr*)(_t299 + 8)) == 0xfffffe3d) {
                                                                                                                                									SendMessageW( *(_t330 + 0x1c), 0x419, 0,  *(_t299 + 0x5c));
                                                                                                                                								}
                                                                                                                                								if( *((intOrPtr*)(_t299 + 8)) == 0xfffffe39) {
                                                                                                                                									_t210 =  *(_t299 + 0x5c) * 0x4018;
                                                                                                                                									_t280 =  *(_t330 + 0x14);
                                                                                                                                									if( *((intOrPtr*)(_t299 + 0xc)) != 2) {
                                                                                                                                										 *(_t210 + _t280 + 8) =  *(_t210 + _t280 + 8) & 0xffffffdf;
                                                                                                                                									} else {
                                                                                                                                										 *(_t210 + _t280 + 8) =  *(_t210 + _t280 + 8) | 0x00000020;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					if(_t324 != 0x111) {
                                                                                                                                						goto L57;
                                                                                                                                					} else {
                                                                                                                                						if(_t312 != 0x3f9 || _t312 >> 0x10 != 1) {
                                                                                                                                							goto L96;
                                                                                                                                						} else {
                                                                                                                                							_t205 = SendMessageW( *(_t330 + 0x24), 0x147, 0, 0);
                                                                                                                                							if(_t205 == 0xffffffff) {
                                                                                                                                								goto L96;
                                                                                                                                							}
                                                                                                                                							_t258 = 0;
                                                                                                                                							_t316 = SendMessageW( *(_t330 + 0x24), 0x150, _t205, 0);
                                                                                                                                							if(_t316 == 0xffffffff ||  *((intOrPtr*)( *((intOrPtr*)(_t330 + 0x20)) + 0x94 + _t316 * 4)) == 0) {
                                                                                                                                								_t316 = 0x20;
                                                                                                                                							}
                                                                                                                                							E0040129A(_t316);
                                                                                                                                							SendMessageW( *(_t330 + 0x74), 0x420, _t258, _t316);
                                                                                                                                							_t312 = _t316 | 0xffffffff;
                                                                                                                                							 *(_t330 + 0x74) = _t258;
                                                                                                                                							_t324 = 0x40f;
                                                                                                                                							 *(_t330 + 0x70) = _t312;
                                                                                                                                							 *(_t330 + 0x6c) = 0x40f;
                                                                                                                                							L57:
                                                                                                                                							if(_t324 == 0x200) {
                                                                                                                                								SendMessageW( *(_t330 + 0x1c), 0x200, 0, 0);
                                                                                                                                							}
                                                                                                                                							if(_t324 != 0x40b) {
                                                                                                                                								_t301 = 0;
                                                                                                                                							} else {
                                                                                                                                								_t195 =  *0x459d70; // 0x0
                                                                                                                                								if(_t195 != 0) {
                                                                                                                                									ImageList_Destroy(_t195);
                                                                                                                                								}
                                                                                                                                								_t196 =  *0x459d6c; // 0x0
                                                                                                                                								if(_t196 != 0) {
                                                                                                                                									GlobalFree(_t196);
                                                                                                                                								}
                                                                                                                                								_t301 = 0;
                                                                                                                                								 *0x459d70 = 0;
                                                                                                                                								 *0x459d6c = 0;
                                                                                                                                								 *0x47e284 = 0;
                                                                                                                                							}
                                                                                                                                							_t160 = 8;
                                                                                                                                							if(_t324 != 0x40f) {
                                                                                                                                								L92:
                                                                                                                                								if(_t324 != 0x420 || ( *0x47e22c & 0x00000100) == 0) {
                                                                                                                                									goto L96;
                                                                                                                                								} else {
                                                                                                                                									_t303 =  ==  ? _t160 : 0;
                                                                                                                                									ShowWindow( *(_t330 + 0x14), _t303);
                                                                                                                                									ShowWindow(GetDlgItem( *(_t330 + 0x70), 0x3fe), _t303);
                                                                                                                                									goto L95;
                                                                                                                                								}
                                                                                                                                							} else {
                                                                                                                                								E004012E7(_t301, _t301);
                                                                                                                                								if(_t312 != 0) {
                                                                                                                                									_t193 = _t312;
                                                                                                                                									if(_t312 != 0xffffffff) {
                                                                                                                                										_t193 = _t312 - 1;
                                                                                                                                									}
                                                                                                                                									_push(_t193);
                                                                                                                                									_push(8);
                                                                                                                                									E0040569A();
                                                                                                                                								}
                                                                                                                                								if(_t258 == 0) {
                                                                                                                                									L77:
                                                                                                                                									E004012E7(_t301, _t301);
                                                                                                                                									_t268 =  *0x47e24c;
                                                                                                                                									_t167 =  *0x459d6c; // 0x0
                                                                                                                                									 *(_t330 + 0x28) = _t301;
                                                                                                                                									_t304 =  *0x47e248;
                                                                                                                                									 *(_t330 + 0x38) = 0xf030;
                                                                                                                                									if(_t268 <= 0) {
                                                                                                                                										L89:
                                                                                                                                										InvalidateRect( *(_t330 + 0x18), 0, 1);
                                                                                                                                										if( *((intOrPtr*)( *0x476200 + 0x10)) != 0) {
                                                                                                                                											_t172 = E00405A1D(5);
                                                                                                                                											_push(0);
                                                                                                                                											E00405744(_t268, 0x3ff, 0xfffffffb, _t172);
                                                                                                                                										}
                                                                                                                                										_t160 = 8;
                                                                                                                                										goto L92;
                                                                                                                                									}
                                                                                                                                									_t314 =  *(_t330 + 0x28);
                                                                                                                                									_t306 = _t304 + 8;
                                                                                                                                									_t325 =  *(_t330 + 0x10);
                                                                                                                                									_t259 = _t167;
                                                                                                                                									do {
                                                                                                                                										_t174 =  *(_t259 + _t314 * 4);
                                                                                                                                										 *(_t330 + 0x24) = _t174;
                                                                                                                                										if(_t174 != 0) {
                                                                                                                                											_t291 =  *_t306;
                                                                                                                                											 *(_t330 + 0x30) = _t174;
                                                                                                                                											 *(_t330 + 0x2c) = 8;
                                                                                                                                											if((_t291 & 0x00000100) != 0) {
                                                                                                                                												 *(_t330 + 0x2c) = 9;
                                                                                                                                												 *(_t330 + 0x3c) =  &(_t306[4]);
                                                                                                                                												 *_t306 =  *_t306 & 0xfffffeff;
                                                                                                                                												 *(_t330 + 0x24) =  *(_t330 + 0x30);
                                                                                                                                											}
                                                                                                                                											if((_t291 & 0x00000040) == 0) {
                                                                                                                                												_t271 = (_t291 & 1) + 1;
                                                                                                                                												if((_t291 & 0x00000010) != 0) {
                                                                                                                                													_t271 = _t271 + 3;
                                                                                                                                												}
                                                                                                                                											} else {
                                                                                                                                												_t271 = 3;
                                                                                                                                											}
                                                                                                                                											 *(_t330 + 0x38) = (_t271 << 0x0000000b | _t291 & 0x00000008) + (_t271 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                                                                                                											SendMessageW(_t325, 0x1102, (_t291 >> 0x00000005 & 1) + 1,  *(_t330 + 0x24));
                                                                                                                                											SendMessageW(_t325, 0x113f, 0, _t330 + 0x2c);
                                                                                                                                											_t268 =  *0x47e24c;
                                                                                                                                										}
                                                                                                                                										_t314 = _t314 + 1;
                                                                                                                                										_t306 =  &(_t306[0x1006]);
                                                                                                                                									} while (_t314 < _t268);
                                                                                                                                									_t258 =  *(_t330 + 0x74);
                                                                                                                                									_t324 =  *(_t330 + 0x6c);
                                                                                                                                									_t312 =  *(_t330 + 0x70);
                                                                                                                                									goto L89;
                                                                                                                                								} else {
                                                                                                                                									_push( *0x459d6c);
                                                                                                                                									_t258 = E004011A0();
                                                                                                                                									 *(_t330 + 0x78) = _t258;
                                                                                                                                									E0040129A(_t258);
                                                                                                                                									_t295 = 0;
                                                                                                                                									if(_t258 <= 0) {
                                                                                                                                										L76:
                                                                                                                                										SendMessageW( *(_t330 + 0x24), 0x14e, _t301, 0);
                                                                                                                                										_t324 = 0x420;
                                                                                                                                										_t301 = 0;
                                                                                                                                										 *(_t330 + 0x6c) = 0x420;
                                                                                                                                										goto L77;
                                                                                                                                									}
                                                                                                                                									do {
                                                                                                                                										_t117 = _t301 + 1; // 0x1
                                                                                                                                										_t295 = _t295 + 1;
                                                                                                                                										_t277 =  ==  ? _t301 : _t117;
                                                                                                                                										_t301 =  ==  ? _t301 : _t117;
                                                                                                                                									} while (_t295 < _t258);
                                                                                                                                									_t312 =  *(_t330 + 0x70);
                                                                                                                                									goto L76;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					_t308 = 2;
                                                                                                                                					 *0x47e284 = _t311;
                                                                                                                                					 *0x459d6c = GlobalAlloc(0x40,  *0x47e24c << 2);
                                                                                                                                					_t222 = LoadBitmapW( *0x476218, 0x6e);
                                                                                                                                					 *0x459d68 =  *0x459d68 | 0xffffffff;
                                                                                                                                					_t319 = _t222;
                                                                                                                                					 *0x451d64 = SetWindowLongW( *(_t330 + 0x18), 0xfffffffc, E00405AF3);
                                                                                                                                					_t225 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                                                                					 *0x459d70 = _t225;
                                                                                                                                					ImageList_AddMasked(_t225, _t319, 0xff00ff);
                                                                                                                                					SendMessageW( *(_t330 + 0x1c), 0x1109, _t308,  *0x459d70);
                                                                                                                                					if(SendMessageW( *(_t330 + 0x1c), 0x111c, 0, 0) < 0x10) {
                                                                                                                                						SendMessageW( *(_t330 + 0x1c), 0x111b, 0x10, 0);
                                                                                                                                					}
                                                                                                                                					DeleteObject(_t319);
                                                                                                                                					_t327 =  *(_t330 + 0x18);
                                                                                                                                					_t285 = 0;
                                                                                                                                					_t263 =  *((intOrPtr*)(_t330 + 0x20));
                                                                                                                                					_t320 = 0;
                                                                                                                                					do {
                                                                                                                                						_t231 =  *((intOrPtr*)(_t263 + 0x94 + _t320 * 4));
                                                                                                                                						if( *((intOrPtr*)(_t263 + 0x94 + _t320 * 4)) != 0) {
                                                                                                                                							SendMessageW(_t327, 0x151, SendMessageW(_t327, 0x143, 0, E00406119(_t285, _t231)), _t320);
                                                                                                                                							_t254 =  ==  ? _t308 : 0;
                                                                                                                                							_t285 = 0;
                                                                                                                                							_t308 =  ==  ? _t308 : 0;
                                                                                                                                						}
                                                                                                                                						_t320 = _t320 + 1;
                                                                                                                                					} while (_t320 < 0x21);
                                                                                                                                					_t258 =  *(_t330 + 0x74);
                                                                                                                                					 *(_t330 + 0x24) = _t308;
                                                                                                                                					_push( *((intOrPtr*)(_t258 + 0x30 + _t308 * 4)));
                                                                                                                                					_push(0x15);
                                                                                                                                					E004056FE( *((intOrPtr*)(_t330 + 0x68)));
                                                                                                                                					_push( *((intOrPtr*)(_t258 + 0x34 + _t308 * 4)));
                                                                                                                                					_push(0x16);
                                                                                                                                					E004056FE( *((intOrPtr*)(_t330 + 0x68)));
                                                                                                                                					_t324 =  *(_t330 + 0x6c);
                                                                                                                                					_t297 = 0;
                                                                                                                                					_t286 = 0;
                                                                                                                                					_t321 = 0;
                                                                                                                                					 *(_t330 + 0x1c) = 0;
                                                                                                                                					if( *0x47e24c <= 0) {
                                                                                                                                						L18:
                                                                                                                                						_t322 =  *(_t330 + 0x10);
                                                                                                                                						SetWindowLongW(_t322, 0xfffffff0, GetWindowLongW(_t322, 0xfffffff0) & 0xfffffffb);
                                                                                                                                						goto L20;
                                                                                                                                					} else {
                                                                                                                                						_t264 = 0;
                                                                                                                                						_t329 =  *(_t330 + 0x10);
                                                                                                                                						_t310 =  *(_t330 + 0x14) + 8;
                                                                                                                                						do {
                                                                                                                                							_t240 =  &(_t310[0x10]);
                                                                                                                                							if( *_t240 != _t297) {
                                                                                                                                								 *(_t330 + 0x44) = _t240;
                                                                                                                                								 *(_t330 + 0x2c) = _t286;
                                                                                                                                								 *(_t330 + 0x30) = 0xffff0002;
                                                                                                                                								 *((intOrPtr*)(_t330 + 0x34)) = 0xd;
                                                                                                                                								 *((intOrPtr*)(_t330 + 0x40)) = 0x20;
                                                                                                                                								 *(_t330 + 0x58) = _t321;
                                                                                                                                								 *(_t330 + 0x3c) =  *_t310 & 0x00000020;
                                                                                                                                								if(( *_t310 & 0x00000002) == 0) {
                                                                                                                                									if(( *_t310 & 0x00000004) == 0) {
                                                                                                                                										_t244 = SendMessageW(_t329, 0x1132, _t297, _t330 + 0x2c);
                                                                                                                                										_t287 =  *0x459d6c; // 0x0
                                                                                                                                										 *(_t287 + _t321 * 4) = _t244;
                                                                                                                                										_t286 =  *(_t330 + 0x1c);
                                                                                                                                									} else {
                                                                                                                                										_t286 = SendMessageW(_t329, 0x110a, 3, _t286);
                                                                                                                                										 *(_t330 + 0x1c) = _t286;
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									 *((intOrPtr*)(_t330 + 0x34)) = 0x4d;
                                                                                                                                									_t264 = 1;
                                                                                                                                									 *(_t330 + 0x64) = 1;
                                                                                                                                									_t286 = SendMessageW(_t329, 0x1132, _t297, _t330 + 0x2c);
                                                                                                                                									_t248 =  *0x459d6c; // 0x0
                                                                                                                                									 *(_t330 + 0x1c) = _t286;
                                                                                                                                									 *(_t248 + _t321 * 4) = _t286;
                                                                                                                                								}
                                                                                                                                								_t297 = 0;
                                                                                                                                							}
                                                                                                                                							_t321 = _t321 + 1;
                                                                                                                                							_t310 =  &(_t310[0x4018]);
                                                                                                                                						} while (_t321 <  *0x47e24c);
                                                                                                                                						_t324 =  *(_t330 + 0x6c);
                                                                                                                                						_t258 =  *(_t330 + 0x74);
                                                                                                                                						if(_t264 != 0) {
                                                                                                                                							_t322 =  *(_t330 + 0x10);
                                                                                                                                							L20:
                                                                                                                                							if( *(_t330 + 0x24) != 0) {
                                                                                                                                								E004056E7(_t322);
                                                                                                                                								_t266 =  *(_t330 + 0x10);
                                                                                                                                								_t159 = 0;
                                                                                                                                								_t289 = 1;
                                                                                                                                								goto L23;
                                                                                                                                							} else {
                                                                                                                                								ShowWindow( *(_t330 + 0x18), 5);
                                                                                                                                								E004056E7( *(_t330 + 0x18));
                                                                                                                                								L95:
                                                                                                                                								_t312 =  *(_t330 + 0x70);
                                                                                                                                								L96:
                                                                                                                                								return E0040594C(_t324, _t312, _t258);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						goto L18;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}

                                                                                                                                0x0040470d
                                                                                                                                0x00404723
                                                                                                                                0x0040473f
                                                                                                                                0x0040474f
                                                                                                                                0x0040474f
                                                                                                                                0x00404756
                                                                                                                                0x0040475c
                                                                                                                                0x00404760
                                                                                                                                0x00404762
                                                                                                                                0x00404766
                                                                                                                                0x00404768
                                                                                                                                0x00404768
                                                                                                                                0x00404771
                                                                                                                                0x00404792
                                                                                                                                0x0040479d
                                                                                                                                0x004047a0
                                                                                                                                0x004047a2
                                                                                                                                0x004047a2
                                                                                                                                0x004047a4
                                                                                                                                0x004047a5
                                                                                                                                0x004047aa
                                                                                                                                0x004047b2
                                                                                                                                0x004047b6
                                                                                                                                0x004047ba
                                                                                                                                0x004047bd
                                                                                                                                0x004047c2
                                                                                                                                0x004047c6
                                                                                                                                0x004047c9
                                                                                                                                0x004047ce
                                                                                                                                0x004047d2
                                                                                                                                0x004047d4
                                                                                                                                0x004047d6
                                                                                                                                0x004047d8
                                                                                                                                0x004047e2
                                                                                                                                0x004048c0
                                                                                                                                0x004048c0
                                                                                                                                0x004048d4
                                                                                                                                0x00000000
                                                                                                                                0x004047e8
                                                                                                                                0x004047ec
                                                                                                                                0x004047ee
                                                                                                                                0x004047f2
                                                                                                                                0x004047f5
                                                                                                                                0x004047f5
                                                                                                                                0x004047fb
                                                                                                                                0x00404801
                                                                                                                                0x0040480a
                                                                                                                                0x00404811
                                                                                                                                0x00404819
                                                                                                                                0x00404821
                                                                                                                                0x00404829
                                                                                                                                0x0040482d
                                                                                                                                0x00404831
                                                                                                                                0x00404867
                                                                                                                                0x0040488c
                                                                                                                                0x00404892
                                                                                                                                0x00404898
                                                                                                                                0x0040489b
                                                                                                                                0x00404869
                                                                                                                                0x00404878
                                                                                                                                0x0040487a
                                                                                                                                0x0040487a
                                                                                                                                0x00404833
                                                                                                                                0x00404837
                                                                                                                                0x00404848
                                                                                                                                0x0040484a
                                                                                                                                0x00404854
                                                                                                                                0x00404856
                                                                                                                                0x0040485b
                                                                                                                                0x0040485f
                                                                                                                                0x0040485f
                                                                                                                                0x0040489f
                                                                                                                                0x0040489f
                                                                                                                                0x004048a1
                                                                                                                                0x004048a2
                                                                                                                                0x004048a8
                                                                                                                                0x004048b4
                                                                                                                                0x004048ba
                                                                                                                                0x004048be
                                                                                                                                0x004048dc
                                                                                                                                0x004048e0
                                                                                                                                0x004048e5
                                                                                                                                0x00404900
                                                                                                                                0x00404905
                                                                                                                                0x0040490b
                                                                                                                                0x0040490d
                                                                                                                                0x00000000
                                                                                                                                0x004048e7
                                                                                                                                0x004048ee
                                                                                                                                0x004048f5
                                                                                                                                0x00404d14
                                                                                                                                0x00404d14
                                                                                                                                0x00404d18
                                                                                                                                0x00404d27
                                                                                                                                0x00404d27
                                                                                                                                0x004048e5
                                                                                                                                0x00000000
                                                                                                                                0x004048be
                                                                                                                                0x004047e2

                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32 ref: 00404665
                                                                                                                                • GetDlgItem.USER32 ref: 00404671
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 004046B8
                                                                                                                                • LoadBitmapW.USER32(0000006E), ref: 004046CB
                                                                                                                                • SetWindowLongW.USER32 ref: 004046E5
                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004046FB
                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 0040470D
                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404723
                                                                                                                                • SendMessageW.USER32(0000111C,0000111C,00000000,00000000), ref: 00404736
                                                                                                                                • SendMessageW.USER32(0000111B,0000111B,00000010,00000000), ref: 0040474F
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00404756
                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404784
                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404792
                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040484E
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404872
                                                                                                                                  • Part of subcall function 004056E7: SendMessageW.USER32(00000028,?,00000001,004054F8), ref: 004056F5
                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040488C
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 004048C7
                                                                                                                                • SetWindowLongW.USER32 ref: 004048D4
                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 004048EE
                                                                                                                                • SendMessageW.USER32(00000419,00000419,00000000,?), ref: 00404A03
                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404A6D
                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404A85
                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404AAF
                                                                                                                                • SendMessageW.USER32(00000200,00000200,00000000,00000000), ref: 00404ADF
                                                                                                                                • ImageList_Destroy.COMCTL32(00000000), ref: 00404AF3
                                                                                                                                • GlobalFree.KERNEL32 ref: 00404B03
                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404B99
                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00404C6A
                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404C7E
                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404CB0
                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00404CFF
                                                                                                                                • GetDlgItem.USER32 ref: 00404D0B
                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404D12
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                • Associated: 00000010.00000002.454039772.0000000000400000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454059022.0000000000409000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454068548.000000000040C000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454075995.0000000000410000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454084525.0000000000414000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454092685.000000000041C000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454107327.0000000000420000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454145060.0000000000459000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454156367.000000000046B000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454175861.0000000000487000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454190371.00000000004FF000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454206008.0000000000503000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454241414.0000000000563000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000010.00000002.454282937.000000000062F000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                • String ID: $M
                                                                                                                                • API String ID: 1638840714-1049183097
                                                                                                                                • Opcode ID: e80159ccb727a2bfcd2bb414ec745005d3995450b85f018bb0a42ade98bc14e2
                                                                                                                                • Instruction ID: 02937b72f91c8f3a51ac6c3a5937653c5d58672f056e40e2ef30700a781c0892
                                                                                                                                • Opcode Fuzzy Hash: e80159ccb727a2bfcd2bb414ec745005d3995450b85f018bb0a42ade98bc14e2
                                                                                                                                • Instruction Fuzzy Hash: 2F12BBB1644305AFE7209F25DC45A2BB7E9EBC8314F00493EFA95A72E2D7389C05CB59
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 46%
                                                                                                                                			E00402EAA(void* __esi, void* __ebp, struct _WIN32_FIND_DATAW _a400, void* _a436) {
                                                                                                                                				void* _v4;
                                                                                                                                				intOrPtr _t9;
                                                                                                                                				void* _t14;
                                                                                                                                				void* _t20;
                                                                                                                                
                                                                                                                                				if(FindFirstFileW(E00403312(_t14, 2),  &_a400) != 0xffffffff) {
                                                                                                                                					E00406A5B(__esi, _t5);
                                                                                                                                					_push(_t20 + 0x1c0);
                                                                                                                                					_push(__ebp);
                                                                                                                                					E0040708C();
                                                                                                                                					_t9 =  *((intOrPtr*)(_t20 + 0x10));
                                                                                                                                				} else {
                                                                                                                                					 *__esi = __ax;
                                                                                                                                					 *__ebp = __ax;
                                                                                                                                					_t9 = 1;
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t9;
                                                                                                                                				return 0;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402EBA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFindFirst
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 96%
                                                                                                                                			E004073B3(signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                                				signed int _v60;
                                                                                                                                				signed int _v120;
                                                                                                                                				signed int _v124;
                                                                                                                                				void _v188;
                                                                                                                                				signed int _v192;
                                                                                                                                				signed int _v196;
                                                                                                                                				signed int _v200;
                                                                                                                                				signed int _v204;
                                                                                                                                				signed int _v208;
                                                                                                                                				signed int _v212;
                                                                                                                                				signed int _v216;
                                                                                                                                				signed int _v220;
                                                                                                                                				signed int _v224;
                                                                                                                                				signed int _v228;
                                                                                                                                				signed int _v232;
                                                                                                                                				signed int _v236;
                                                                                                                                				signed int _v240;
                                                                                                                                				short _v242;
                                                                                                                                				signed int _v243;
                                                                                                                                				signed char _v244;
                                                                                                                                				signed int _t169;
                                                                                                                                				signed int _t170;
                                                                                                                                				intOrPtr _t173;
                                                                                                                                				signed int _t174;
                                                                                                                                				signed int _t177;
                                                                                                                                				signed int _t178;
                                                                                                                                				signed int _t181;
                                                                                                                                				signed int _t182;
                                                                                                                                				signed int _t187;
                                                                                                                                				signed int _t200;
                                                                                                                                				short _t205;
                                                                                                                                				signed int _t211;
                                                                                                                                				signed char _t222;
                                                                                                                                				signed int _t227;
                                                                                                                                				intOrPtr _t231;
                                                                                                                                				void* _t232;
                                                                                                                                				void* _t233;
                                                                                                                                				signed int _t234;
                                                                                                                                				signed int _t235;
                                                                                                                                				signed int* _t237;
                                                                                                                                				signed int _t239;
                                                                                                                                				signed int _t241;
                                                                                                                                				signed int _t242;
                                                                                                                                				signed int _t243;
                                                                                                                                				signed int _t244;
                                                                                                                                				signed char _t245;
                                                                                                                                				signed char _t248;
                                                                                                                                				void* _t249;
                                                                                                                                				signed int _t250;
                                                                                                                                				signed int _t256;
                                                                                                                                				signed int _t258;
                                                                                                                                				intOrPtr* _t259;
                                                                                                                                				intOrPtr _t261;
                                                                                                                                				signed int _t262;
                                                                                                                                				void* _t263;
                                                                                                                                				signed int _t264;
                                                                                                                                				signed int _t266;
                                                                                                                                				signed int _t269;
                                                                                                                                				signed int _t271;
                                                                                                                                				signed int _t273;
                                                                                                                                				signed int _t276;
                                                                                                                                				void* _t277;
                                                                                                                                				void* _t278;
                                                                                                                                				signed int _t283;
                                                                                                                                				void* _t284;
                                                                                                                                				void* _t285;
                                                                                                                                				signed int _t286;
                                                                                                                                				signed int _t287;
                                                                                                                                				signed int _t288;
                                                                                                                                				signed int* _t290;
                                                                                                                                				signed int _t291;
                                                                                                                                				void* _t294;
                                                                                                                                				signed int _t298;
                                                                                                                                				signed int _t299;
                                                                                                                                				signed int _t300;
                                                                                                                                				signed char* _t302;
                                                                                                                                
                                                                                                                                				_t231 = _a8;
                                                                                                                                				_t261 = _t231;
                                                                                                                                				_t290 = _a4;
                                                                                                                                				_t235 = 0x10;
                                                                                                                                				memset( &_v188, 0, _t235 << 2);
                                                                                                                                				_t302 =  &(( &_v244)[0xc]);
                                                                                                                                				_t237 = _t290;
                                                                                                                                				do {
                                                                                                                                					_t169 =  *_t237;
                                                                                                                                					_t237 =  &(_t237[1]);
                                                                                                                                					_t302[0x48 + _t169 * 4] = _t302[0x48 + _t169 * 4] + 1;
                                                                                                                                					_t261 = _t261 - 1;
                                                                                                                                				} while (_t261 != 0);
                                                                                                                                				if(_v188 == _t231) {
                                                                                                                                					 *_a24 = 0;
                                                                                                                                					 *_a28 = 0;
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				_t170 = _a28;
                                                                                                                                				_t239 = 1;
                                                                                                                                				_t286 = 0;
                                                                                                                                				_t262 = 0xf;
                                                                                                                                				_t232 =  *_t170;
                                                                                                                                				while(_t302[0x48 + _t239 * 4] == _t286) {
                                                                                                                                					_t239 = _t239 + 1;
                                                                                                                                					if(_t239 <= _t262) {
                                                                                                                                						continue;
                                                                                                                                					}
                                                                                                                                					break;
                                                                                                                                				}
                                                                                                                                				_v236 = _t239;
                                                                                                                                				_t233 =  <  ? _t239 : _t232;
                                                                                                                                				while(_t302[0x48 + _t262 * 4] == _t286) {
                                                                                                                                					_t262 = _t262 - 1;
                                                                                                                                					if(_t262 != 0) {
                                                                                                                                						continue;
                                                                                                                                					}
                                                                                                                                					break;
                                                                                                                                				}
                                                                                                                                				_v212 = _t262;
                                                                                                                                				_t234 =  >  ? _t262 : _t233;
                                                                                                                                				 *_t170 = _t234;
                                                                                                                                				_t283 = 1 << _t239;
                                                                                                                                				while(_t239 < _t262) {
                                                                                                                                					_t284 = _t283 - _t302[0x48 + _t239 * 4];
                                                                                                                                					if(_t284 < 0) {
                                                                                                                                						L25:
                                                                                                                                						return _t170 | 0xffffffff;
                                                                                                                                					}
                                                                                                                                					_t239 = _t239 + 1;
                                                                                                                                					_t283 = _t284 + _t284;
                                                                                                                                				}
                                                                                                                                				_t241 = _t262 << 2;
                                                                                                                                				_v208 = _t241;
                                                                                                                                				_t170 = _t302[_t241 + 0x48];
                                                                                                                                				_t285 = _t283 - _t170;
                                                                                                                                				if(_t285 < 0) {
                                                                                                                                					goto L25;
                                                                                                                                				}
                                                                                                                                				_v120 = _t286;
                                                                                                                                				_t302[_t241 + 0x48] = _t170 + _t285;
                                                                                                                                				_t242 = _t286;
                                                                                                                                				_t263 = _t262 - 1;
                                                                                                                                				if(_t263 != 0) {
                                                                                                                                					_t227 = _t286;
                                                                                                                                					do {
                                                                                                                                						_t242 = _t242 + _t302[_t227 + 0x4c];
                                                                                                                                						_t227 = _t227 + 4;
                                                                                                                                						_t302[_t227 + 0x8c] = _t242;
                                                                                                                                						_t263 = _t263 - 1;
                                                                                                                                					} while (_t263 != 0);
                                                                                                                                				}
                                                                                                                                				_t173 = _a8;
                                                                                                                                				_t243 = _t286;
                                                                                                                                				do {
                                                                                                                                					_t264 =  *_t290;
                                                                                                                                					_t290 =  &_a4;
                                                                                                                                					if(_t264 != 0) {
                                                                                                                                						_t174 = _t302[0x88 + _t264 * 4];
                                                                                                                                						 *(0x46c0a0 + _t174 * 4) = _t243;
                                                                                                                                						_t302[0x88 + _t264 * 4] = _t174 + 1;
                                                                                                                                						_t173 = _a8;
                                                                                                                                					}
                                                                                                                                					_t243 = _t243 + 1;
                                                                                                                                				} while (_t243 < _t173);
                                                                                                                                				_t244 = _v236;
                                                                                                                                				_t266 =  ~_t234;
                                                                                                                                				_t291 = _t286;
                                                                                                                                				_v228 = 0x46c0a0;
                                                                                                                                				_v220 = _t291;
                                                                                                                                				_t177 = _t302[_v208 + 0x88];
                                                                                                                                				_v192 = _t177;
                                                                                                                                				_t178 = _t177 | 0xffffffff;
                                                                                                                                				_v124 = _t286;
                                                                                                                                				_v240 = _t178;
                                                                                                                                				_v216 = _t266;
                                                                                                                                				_v60 = _t286;
                                                                                                                                				_v224 = _t286;
                                                                                                                                				_v204 = _t286;
                                                                                                                                				if(_t244 <= _v212) {
                                                                                                                                					_t181 =  &_v188 + _t244 * 4;
                                                                                                                                					_v200 = _t181;
                                                                                                                                					do {
                                                                                                                                						_t182 =  *_t181;
                                                                                                                                						while(_t182 != 0) {
                                                                                                                                							_v196 = _t182;
                                                                                                                                							_v208 = _t182 - 1;
                                                                                                                                							_t170 = _t266 + _t234;
                                                                                                                                							while(1) {
                                                                                                                                								_v232 = _t170;
                                                                                                                                								if(_t244 <= _t170) {
                                                                                                                                									break;
                                                                                                                                								}
                                                                                                                                								_v240 = _v240 + 1;
                                                                                                                                								_t294 =  >  ? _t234 : _v212 - _t170;
                                                                                                                                								_t245 = _t244 - _t170;
                                                                                                                                								_t269 = 1 << _t245;
                                                                                                                                								if(1 > _v196) {
                                                                                                                                									_t277 = _t269 + (_t170 | 0xffffffff) - _v208;
                                                                                                                                									_t170 = _v200;
                                                                                                                                									if(_t245 < _t294) {
                                                                                                                                										while(1) {
                                                                                                                                											_t245 = _t245 + 1;
                                                                                                                                											if(_t245 >= _t294) {
                                                                                                                                												goto L32;
                                                                                                                                											}
                                                                                                                                											_t278 = _t277 + _t277;
                                                                                                                                											_t170 = _t170 + 4;
                                                                                                                                											if(_t278 >  *_t170) {
                                                                                                                                												_t277 = _t278 -  *_t170;
                                                                                                                                												continue;
                                                                                                                                											}
                                                                                                                                											goto L32;
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								L32:
                                                                                                                                								_v204 = 1;
                                                                                                                                								_t271 =  *_a36;
                                                                                                                                								_t298 = (1 << _t245) + _t271;
                                                                                                                                								if(1 > 0x5a0) {
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								_v224 = _a32 + _t271 * 4;
                                                                                                                                								_t273 = _v240;
                                                                                                                                								_t302[0xc8 + _t273 * 4] = _v224;
                                                                                                                                								 *_a36 = _t298;
                                                                                                                                								_t187 = _v232;
                                                                                                                                								_t291 = _v220;
                                                                                                                                								if(_t273 == 0) {
                                                                                                                                									 *_a24 = _v224;
                                                                                                                                								} else {
                                                                                                                                									_t302[0x88 + _t273 * 4] = _t291;
                                                                                                                                									_v244 = _t245;
                                                                                                                                									_t276 = _t291 >> _v216;
                                                                                                                                									_t248 = _t302[0xc4 + _v240 * 4];
                                                                                                                                									_v243 = _t234;
                                                                                                                                									_v242 = (_v224 - _t248 >> 2) - _t276;
                                                                                                                                									 *(_t248 + _t276 * 4) = _v244;
                                                                                                                                									_t187 = _v232;
                                                                                                                                								}
                                                                                                                                								_t244 = _v236;
                                                                                                                                								_t266 = _t187;
                                                                                                                                								_v216 = _t266;
                                                                                                                                								_t170 = _t187 + _t234;
                                                                                                                                							}
                                                                                                                                							_v243 = _t244 - _t266;
                                                                                                                                							if(_v228 < 0x46c0a0 + _v192 * 4) {
                                                                                                                                								_t200 = _v228;
                                                                                                                                								_t249 =  *_t200;
                                                                                                                                								if(_t249 >= _a12) {
                                                                                                                                									_t250 = _t249 - _a12;
                                                                                                                                									_v228 = _v228 + 4;
                                                                                                                                									_v244 =  *((intOrPtr*)(_a20 + _t250 * 2)) + 0x50;
                                                                                                                                									_t205 =  *((intOrPtr*)(_a16 + _t250 * 2));
                                                                                                                                								} else {
                                                                                                                                									_t259 = _v228;
                                                                                                                                									_v244 = (_t200 & 0xffffff00 | _t249 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                                									_t205 =  *_t259;
                                                                                                                                									_v228 = _t259 + 4;
                                                                                                                                								}
                                                                                                                                								_t244 = _v236;
                                                                                                                                								_v242 = _t205;
                                                                                                                                							} else {
                                                                                                                                								_v244 = 0xc0;
                                                                                                                                							}
                                                                                                                                							_t299 = _t291 >> _t266;
                                                                                                                                							_v196 = 1 << _t244 - _t266;
                                                                                                                                							if(_t299 < _v204) {
                                                                                                                                								_t222 = _v244;
                                                                                                                                								_t258 = _v196;
                                                                                                                                								_t288 = _v224;
                                                                                                                                								do {
                                                                                                                                									 *(_t288 + _t299 * 4) = _t222;
                                                                                                                                									_t299 = _t299 + _t258;
                                                                                                                                								} while (_t299 < _v204);
                                                                                                                                								_t266 = _v216;
                                                                                                                                								_t286 = 0;
                                                                                                                                							}
                                                                                                                                							_t300 = _v220;
                                                                                                                                							_t211 = 1 << _v236 - 1;
                                                                                                                                							while((_t300 & _t211) != 0) {
                                                                                                                                								_t300 = _t300 ^ _t211;
                                                                                                                                								_t211 = _t211 >> 1;
                                                                                                                                							}
                                                                                                                                							_t291 = _t300 ^ _t211;
                                                                                                                                							_v220 = _t291;
                                                                                                                                							_t256 = _v240;
                                                                                                                                							if(((1 << _t266) - 0x00000001 & _t291) != _t302[0x88 + _t256 * 4]) {
                                                                                                                                								_t287 = _t256;
                                                                                                                                								do {
                                                                                                                                									_t266 = _t266 - _t234;
                                                                                                                                									_t287 = _t287 - 1;
                                                                                                                                								} while (((1 << _t266) - 0x00000001 & _t291) != _t302[0x88 + _t287 * 4]);
                                                                                                                                								_v240 = _t287;
                                                                                                                                								_t286 = 0;
                                                                                                                                								_v216 = _t266;
                                                                                                                                							}
                                                                                                                                							_t182 = _v208;
                                                                                                                                							_t244 = _v236;
                                                                                                                                						}
                                                                                                                                						_t244 = _t244 + 1;
                                                                                                                                						_t181 = _v200 + 4;
                                                                                                                                						_v236 = _t244;
                                                                                                                                						_v200 = _t181;
                                                                                                                                					} while (_t244 <= _v212);
                                                                                                                                					_t178 = _t181 | 0xffffffff;
                                                                                                                                				}
                                                                                                                                				if(_t285 == 0 || _v212 == 1) {
                                                                                                                                					return _t286;
                                                                                                                                				}
                                                                                                                                				return _t178;
                                                                                                                                			}

                                                                                                                                0x004074cb
                                                                                                                                0x004074d5
                                                                                                                                0x004074d9
                                                                                                                                0x004074db
                                                                                                                                0x004074dd
                                                                                                                                0x004074e5
                                                                                                                                0x004074e9
                                                                                                                                0x004074f0
                                                                                                                                0x004074f4
                                                                                                                                0x004074f7
                                                                                                                                0x004074fe
                                                                                                                                0x00407502
                                                                                                                                0x00407506
                                                                                                                                0x0040750d
                                                                                                                                0x00407511
                                                                                                                                0x00407519
                                                                                                                                0x00407523
                                                                                                                                0x00407526
                                                                                                                                0x0040752a
                                                                                                                                0x0040752a
                                                                                                                                0x0040774c
                                                                                                                                0x00407539
                                                                                                                                0x0040753e
                                                                                                                                0x00407542
                                                                                                                                0x0040762f
                                                                                                                                0x0040762f
                                                                                                                                0x00407635
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x0040754e
                                                                                                                                0x00407556
                                                                                                                                0x0040755b
                                                                                                                                0x0040755e
                                                                                                                                0x00407564
                                                                                                                                0x0040756d
                                                                                                                                0x0040756f
                                                                                                                                0x00407575
                                                                                                                                0x00407577
                                                                                                                                0x00407577
                                                                                                                                0x0040757a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x0040757c
                                                                                                                                0x0040757e
                                                                                                                                0x00407583
                                                                                                                                0x00407585
                                                                                                                                0x00000000
                                                                                                                                0x00407585
                                                                                                                                0x00000000
                                                                                                                                0x00407583
                                                                                                                                0x00407577
                                                                                                                                0x00407575
                                                                                                                                0x00407589
                                                                                                                                0x00407595
                                                                                                                                0x00407599
                                                                                                                                0x0040759b
                                                                                                                                0x004075a3
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x004075af
                                                                                                                                0x004075b3
                                                                                                                                0x004075bb
                                                                                                                                0x004075c9
                                                                                                                                0x004075cb
                                                                                                                                0x004075cf
                                                                                                                                0x004075d5
                                                                                                                                0x00407621
                                                                                                                                0x004075d7
                                                                                                                                0x004075db
                                                                                                                                0x004075e4
                                                                                                                                0x004075ec
                                                                                                                                0x004075ee
                                                                                                                                0x004075fb
                                                                                                                                0x00407604
                                                                                                                                0x0040760d
                                                                                                                                0x00407610
                                                                                                                                0x00407610
                                                                                                                                0x00407623
                                                                                                                                0x00407627
                                                                                                                                0x00407629
                                                                                                                                0x0040762d
                                                                                                                                0x0040762d
                                                                                                                                0x0040763f
                                                                                                                                0x00407652
                                                                                                                                0x0040765b
                                                                                                                                0x0040765f
                                                                                                                                0x00407668
                                                                                                                                0x0040768b
                                                                                                                                0x0040769e
                                                                                                                                0x004076a3
                                                                                                                                0x004076ae
                                                                                                                                0x0040766a
                                                                                                                                0x00407670
                                                                                                                                0x0040767b
                                                                                                                                0x0040767f
                                                                                                                                0x00407685
                                                                                                                                0x00407685
                                                                                                                                0x004076b2
                                                                                                                                0x004076b6
                                                                                                                                0x00407654
                                                                                                                                0x00407654
                                                                                                                                0x00407654
                                                                                                                                0x004076c4
                                                                                                                                0x004076c6
                                                                                                                                0x004076ce
                                                                                                                                0x004076d0
                                                                                                                                0x004076d4
                                                                                                                                0x004076d8
                                                                                                                                0x004076dc
                                                                                                                                0x004076dc
                                                                                                                                0x004076df
                                                                                                                                0x004076e1
                                                                                                                                0x004076e7
                                                                                                                                0x004076eb
                                                                                                                                0x004076eb
                                                                                                                                0x004076f3
                                                                                                                                0x004076f9
                                                                                                                                0x00407701
                                                                                                                                0x004076fd
                                                                                                                                0x004076ff
                                                                                                                                0x004076ff
                                                                                                                                0x00407705
                                                                                                                                0x0040770b
                                                                                                                                0x00407712
                                                                                                                                0x00407720
                                                                                                                                0x00407722
                                                                                                                                0x00407724
                                                                                                                                0x00407726
                                                                                                                                0x0040772d
                                                                                                                                0x00407731
                                                                                                                                0x0040773a
                                                                                                                                0x0040773e
                                                                                                                                0x00407740
                                                                                                                                0x00407740
                                                                                                                                0x00407744
                                                                                                                                0x00407748
                                                                                                                                0x00407748
                                                                                                                                0x00407758
                                                                                                                                0x00407759
                                                                                                                                0x0040775c
                                                                                                                                0x00407760
                                                                                                                                0x00407764
                                                                                                                                0x0040776e
                                                                                                                                0x0040776e
                                                                                                                                0x00407773
                                                                                                                                0x00000000
                                                                                                                                0x0040777c
                                                                                                                                0x00407788

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 423945c29aee29c24a9e20c64ec3f96ad63004fe8147e386a48872b640e0e432
                                                                                                                                • Instruction ID: 0b4ea5818b0415bacee28e69fa725c40a44751e9862c8a186eb1bb700b31bb96
                                                                                                                                • Opcode Fuzzy Hash: 423945c29aee29c24a9e20c64ec3f96ad63004fe8147e386a48872b640e0e432
                                                                                                                                • Instruction Fuzzy Hash: DDC16A70A0C3458FC324DF28C5809AABBE1FBC9314F108A2EE59997390E734E946CB47
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E00401000() {
                                                                                                                                				struct HDC__* _t64;
                                                                                                                                				void* _t82;
                                                                                                                                				void* _t92;
                                                                                                                                				struct HDC__* _t100;
                                                                                                                                				struct tagRECT _t102;
                                                                                                                                				long _t110;
                                                                                                                                				struct HWND__* _t120;
                                                                                                                                				void* _t126;
                                                                                                                                				void* _t128;
                                                                                                                                				intOrPtr _t131;
                                                                                                                                				void* _t133;
                                                                                                                                
                                                                                                                                				if( *((intOrPtr*)(_t133 + 0x64)) == 0xf) {
                                                                                                                                					_t131 =  *0x47e230;
                                                                                                                                					_t64 = BeginPaint( *(_t133 + 0x74), _t133 + 0x24);
                                                                                                                                					 *(_t133 + 0x10) =  *(_t133 + 0x10) & 0x00000000;
                                                                                                                                					_t100 = _t64;
                                                                                                                                					GetClientRect( *(_t133 + 0x74), _t133 + 0x1c);
                                                                                                                                					_t120 =  *(_t133 + 0x28);
                                                                                                                                					 *(_t133 + 0x28) =  *(_t133 + 0x28) & 0x00000000;
                                                                                                                                					_t102 =  *(_t133 + 0x20);
                                                                                                                                					 *(_t133 + 0x74) = _t120;
                                                                                                                                					while(_t102 < _t120) {
                                                                                                                                						_t116 = _t120 - _t102;
                                                                                                                                						asm("cdq");
                                                                                                                                						asm("cdq");
                                                                                                                                						asm("cdq");
                                                                                                                                						 *(_t133 + 0x18) = (((( *(_t131 + 0x56) & 0x000000ff) * _t102 + ( *(_t131 + 0x52) & 0x000000ff) * (_t120 - _t102)) / _t120 & 0x000000ff) << 0x00000008 | (( *(_t131 + 0x55) & 0x000000ff) *  *(_t133 + 0x20) + ( *(_t131 + 0x51) & 0x000000ff) * _t116) /  *(_t133 + 0x74) & 0x000000ff) << 0x00000008 | (( *(_t131 + 0x50) & 0x000000ff) * _t116 + ( *(_t131 + 0x54) & 0x000000ff) *  *(_t133 + 0x20)) /  *(_t133 + 0x74) & 0x000000ff;
                                                                                                                                						_t82 = CreateBrushIndirect(_t133 + 0x10);
                                                                                                                                						 *(_t133 + 0x28) =  *(_t133 + 0x28) + 4;
                                                                                                                                						_t126 = _t82;
                                                                                                                                						FillRect(_t100, _t133 + 0x20, _t126);
                                                                                                                                						DeleteObject(_t126);
                                                                                                                                						_t120 =  *(_t133 + 0x74);
                                                                                                                                						_t102 =  *(_t133 + 0x20) + 4;
                                                                                                                                						 *(_t133 + 0x20) = _t102;
                                                                                                                                					}
                                                                                                                                					if( *(_t131 + 0x58) != 0xffffffff) {
                                                                                                                                						_t128 = CreateFontIndirectW( *(_t131 + 0x34));
                                                                                                                                						 *(_t133 + 0x74) = _t128;
                                                                                                                                						if(_t128 != 0) {
                                                                                                                                							 *(_t133 + 0x24) = 0x10;
                                                                                                                                							 *(_t133 + 0x28) = 8;
                                                                                                                                							SetBkMode(_t100, 1);
                                                                                                                                							SetTextColor(_t100,  *(_t131 + 0x58));
                                                                                                                                							_t92 = SelectObject(_t100, _t128);
                                                                                                                                							DrawTextW(_t100, 0x476220, 0xffffffff, _t133 + 0x20, 0x820);
                                                                                                                                							SelectObject(_t100, _t92);
                                                                                                                                							DeleteObject( *(_t133 + 0x74));
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					EndPaint( *(_t133 + 0x74), _t133 + 0x2c);
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				_t110 =  *(_t133 + 0x6c);
                                                                                                                                				if( *((intOrPtr*)(_t133 + 0x64)) == 0x46) {
                                                                                                                                					 *(_t110 + 0x18) =  *(_t110 + 0x18) | 0x00000010;
                                                                                                                                					 *((intOrPtr*)(_t110 + 4)) =  *0x47621c;
                                                                                                                                				}
                                                                                                                                				return DefWindowProcW( *(_t133 + 0x6c),  *(_t133 + 0x6c),  *(_t133 + 0x6c), _t110);
                                                                                                                                			}















                                                                                                                                APIs
                                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 0040102E
                                                                                                                                • BeginPaint.USER32(?,?), ref: 0040104C
                                                                                                                                • GetClientRect.USER32 ref: 00401062
                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010DF
                                                                                                                                • FillRect.USER32 ref: 004010F3
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004010FA
                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401120
                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401143
                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 0040114D
                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0040115B
                                                                                                                                • DrawTextW.USER32(00000000,00476220,000000FF,?,00000820), ref: 00401171
                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401179
                                                                                                                                • DeleteObject.GDI32(?), ref: 0040117F
                                                                                                                                • EndPaint.USER32(?,?), ref: 0040118E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                • String ID: F
                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                • Opcode ID: 27201791eaaf4abf096f88d290c8699947f1c26ff6614e9a9062f513a4a4c976
                                                                                                                                • Instruction ID: 37581d5d8e3d67265fca532cda08f2d017080a0c6f64d6d4c333604f758f02c3
                                                                                                                                • Opcode Fuzzy Hash: 27201791eaaf4abf096f88d290c8699947f1c26ff6614e9a9062f513a4a4c976
                                                                                                                                • Instruction Fuzzy Hash: 9541BC720083549FC7159F61CD4896BBBE9FF88315F040A2EF995A22A1C738CD04CFA6
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 94%
                                                                                                                                			E004065B1() {
                                                                                                                                				void* __ecx;
                                                                                                                                				long _t14;
                                                                                                                                				int _t15;
                                                                                                                                				void* _t30;
                                                                                                                                				intOrPtr _t31;
                                                                                                                                				void* _t38;
                                                                                                                                				intOrPtr _t39;
                                                                                                                                				void* _t43;
                                                                                                                                				long _t44;
                                                                                                                                				intOrPtr* _t46;
                                                                                                                                				void* _t50;
                                                                                                                                				WCHAR* _t51;
                                                                                                                                				long _t53;
                                                                                                                                				int _t55;
                                                                                                                                				void* _t56;
                                                                                                                                				void* _t57;
                                                                                                                                
                                                                                                                                				_t51 =  *(_t56 + 0x18);
                                                                                                                                				 *0x46a9c0 = 0x55004e;
                                                                                                                                				 *0x46a9c4 = 0x4c;
                                                                                                                                				if(_t51 == 0) {
                                                                                                                                					L3:
                                                                                                                                					_t14 = GetShortPathNameW( *(_t56 + 0x20), 0x46a1c0, 0x400);
                                                                                                                                					if(_t14 != 0 && _t14 <= 0x400) {
                                                                                                                                						_t15 = wsprintfA(0x469dc0, "%ls=%ls\r\n", 0x46a9c0, 0x46a1c0);
                                                                                                                                						_t57 = _t56 + 0x10;
                                                                                                                                						_t55 = _t15;
                                                                                                                                						E00406119(0x46a1c0,  *((intOrPtr*)( *0x47e230 + 0x128)));
                                                                                                                                						_t14 = E00406E83(0x46a1c0, 0xc0000000, 4);
                                                                                                                                						_t38 = _t14;
                                                                                                                                						 *(_t57 + 0x10) = _t38;
                                                                                                                                						if(_t38 != 0xffffffff) {
                                                                                                                                							_t53 = GetFileSize(_t38, 0);
                                                                                                                                							_t5 = _t55 + 0xa; // 0xa
                                                                                                                                							_t42 = _t5 + _t53;
                                                                                                                                							_t50 = GlobalAlloc(0x40, _t5 + _t53);
                                                                                                                                							if(_t50 != 0 && E00406EB0(_t42, _t38, _t50, _t53) != 0) {
                                                                                                                                								if(E004070A8(_t50, "[Rename]\r\n") != 0) {
                                                                                                                                									_t43 = E004070A8(_t20 + 0xa, "\n[");
                                                                                                                                									if(_t43 == 0) {
                                                                                                                                										goto L10;
                                                                                                                                									} else {
                                                                                                                                										_t46 = _t50 + _t53;
                                                                                                                                										_t30 = _t46 + _t55;
                                                                                                                                										if(_t46 > _t43) {
                                                                                                                                											_t31 = _t30 - _t46;
                                                                                                                                											 *((intOrPtr*)(_t57 + 0x1c)) = _t31;
                                                                                                                                											_t39 = _t31;
                                                                                                                                											do {
                                                                                                                                												 *((char*)(_t39 + _t46)) =  *_t46;
                                                                                                                                												_t46 = _t46 - 1;
                                                                                                                                											} while (_t46 > _t43);
                                                                                                                                											_t38 =  *(_t57 + 0x10);
                                                                                                                                										}
                                                                                                                                										_t44 = _t43 - _t50 + 1;
                                                                                                                                										goto L11;
                                                                                                                                									}
                                                                                                                                									goto L13;
                                                                                                                                								} else {
                                                                                                                                									lstrcpyA(_t50 + _t53, "[Rename]\r\n");
                                                                                                                                									_t53 = _t53 + 0xa;
                                                                                                                                									L10:
                                                                                                                                									_t44 = _t53;
                                                                                                                                								}
                                                                                                                                								L11:
                                                                                                                                								E00406BBE(_t44 + _t50, 0x469dc0, _t55);
                                                                                                                                								SetFilePointer(_t38, 0, 0, 0);
                                                                                                                                								E00406F77(_t44, _t38, _t50, _t53 + _t55);
                                                                                                                                								GlobalFree(_t50);
                                                                                                                                							}
                                                                                                                                							_t14 = CloseHandle(_t38);
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					CloseHandle(E00406E83(_t51, 0, 1));
                                                                                                                                					_t14 = GetShortPathNameW(_t51, 0x46a9c0, 0x400);
                                                                                                                                					if(_t14 != 0 && _t14 <= 0x400) {
                                                                                                                                						goto L3;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				L13:
                                                                                                                                				return _t14;
                                                                                                                                			}




















                                                                                                                                APIs
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,00000000,?,?,00406501,?,?), ref: 004065ED
                                                                                                                                • GetShortPathNameW.KERNEL32 ref: 004065F6
                                                                                                                                • GetShortPathNameW.KERNEL32 ref: 00406613
                                                                                                                                • wsprintfA.USER32 ref: 00406631
                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0046A1C0,C0000000,00000004,0046A1C0,?), ref: 0040666D
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 0040667D
                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004066AD
                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00469DC0,00000000,-0000000A,0040A928,00000000,[Rename],00000000,00000000,00000000), ref: 004066CD
                                                                                                                                • GlobalFree.KERNEL32 ref: 004066DF
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 004066E6
                                                                                                                                  • Part of subcall function 00406E83: GetFileAttributesW.KERNEL32(00000003,00403719,004EB000,80000000,00000003,?,?,?,00403C38,00000000), ref: 00406E87
                                                                                                                                  • Part of subcall function 00406E83: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000000,00000000,?,?,?,00403C38,00000000), ref: 00406EA7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShort$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                • String ID: %ls=%ls$[Rename]
                                                                                                                                • API String ID: 2900126502-461813615
                                                                                                                                • Opcode ID: e1ed448b85cb68dd23d8985e48373c4ba1298e4fac246ce4dac706c41aef55aa
                                                                                                                                • Instruction ID: 53fa6a27b594ea59726de24daee963061e7b2f426aa6d19655d30c6630d2d149
                                                                                                                                • Opcode Fuzzy Hash: e1ed448b85cb68dd23d8985e48373c4ba1298e4fac246ce4dac706c41aef55aa
                                                                                                                                • Instruction Fuzzy Hash: E941D6F06003026BD7106B258C49E6F3A5CEF85748F12093AF906F62D2E77ED8248A6D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00405F97(signed int _a4, WCHAR* _a8) {
                                                                                                                                				WCHAR* _v40;
                                                                                                                                				long _v52;
                                                                                                                                				int _v56;
                                                                                                                                				void* _v60;
                                                                                                                                				void* _t18;
                                                                                                                                				signed int _t19;
                                                                                                                                				long _t20;
                                                                                                                                				signed char _t29;
                                                                                                                                				signed int _t35;
                                                                                                                                				WCHAR* _t39;
                                                                                                                                				WCHAR* _t40;
                                                                                                                                				struct HWND__* _t43;
                                                                                                                                
                                                                                                                                				_t43 =  *0x476208;
                                                                                                                                				if(_t43 == 0) {
                                                                                                                                					return _t18;
                                                                                                                                				}
                                                                                                                                				_t29 =  *0x47e314;
                                                                                                                                				_t35 = _t29 & 0x00000001;
                                                                                                                                				if(_t35 == 0) {
                                                                                                                                					E00406119(0x459d78, _a4);
                                                                                                                                				}
                                                                                                                                				_t19 = lstrlenW(0x459d78);
                                                                                                                                				_t39 = _a8;
                                                                                                                                				_a4 = _t19;
                                                                                                                                				if(_t39 == 0) {
                                                                                                                                					_t40 = 0x459d78;
                                                                                                                                					goto L7;
                                                                                                                                				} else {
                                                                                                                                					_t19 = lstrlenW(_t39) + _a4;
                                                                                                                                					if(_t19 >= 0x8000) {
                                                                                                                                						L13:
                                                                                                                                						return _t19;
                                                                                                                                					}
                                                                                                                                					_t40 = 0x459d78;
                                                                                                                                					_t19 = lstrcatW(0x459d78, _t39);
                                                                                                                                					L7:
                                                                                                                                					if((_t29 & 0x00000004) == 0) {
                                                                                                                                						_t19 = SetWindowTextW( *0x4761e8, _t40);
                                                                                                                                					}
                                                                                                                                					if((_t29 & 0x00000002) == 0) {
                                                                                                                                						_v40 = _t40;
                                                                                                                                						_v60 = 1;
                                                                                                                                						_t20 = SendMessageW(_t43, 0x1004, 0, 0);
                                                                                                                                						_v52 = 0;
                                                                                                                                						_v56 = _t20 - _t35;
                                                                                                                                						SendMessageW(_t43, 0x104d - _t35, 0,  &_v60);
                                                                                                                                						_t19 = SendMessageW(_t43, 0x1013, _v56, 0);
                                                                                                                                					}
                                                                                                                                					if(_t35 != 0) {
                                                                                                                                						_t19 = _a4;
                                                                                                                                						0x459d78[_t19] = 0;
                                                                                                                                					}
                                                                                                                                					goto L13;
                                                                                                                                				}
                                                                                                                                			}















                                                                                                                                0x00406069
                                                                                                                                0x00000000
                                                                                                                                0x00406061

                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FC9
                                                                                                                                • lstrlenW.KERNEL32(?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FDB
                                                                                                                                • lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?), ref: 00405FF6
                                                                                                                                • SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\), ref: 0040600E
                                                                                                                                • SendMessageW.USER32(?), ref: 00406035
                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00406050
                                                                                                                                • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 0040605D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                • String ID: Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\
                                                                                                                                • API String ID: 2531174081-1665674842
                                                                                                                                • Opcode ID: 315b9961d2a30df75d0f95f58f29e5c2ac085fdfbce929e84409d5db2b16e6dd
                                                                                                                                • Instruction ID: d723733eabb0fbaaa4fc89e05fe22690cb4b206433a6461d48d0c5839267406e
                                                                                                                                • Opcode Fuzzy Hash: 315b9961d2a30df75d0f95f58f29e5c2ac085fdfbce929e84409d5db2b16e6dd
                                                                                                                                • Instruction Fuzzy Hash: B521C2729056106BD3109F558D40E9BBBECFF94314F05053EF989A3292C7BDAD444AAA
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 83%
                                                                                                                                			E00403F96(signed int __eax, void* __ebx, void* __ecx, void* __edx) {
                                                                                                                                				intOrPtr* _t24;
                                                                                                                                				signed short* _t26;
                                                                                                                                				signed short* _t27;
                                                                                                                                				long _t42;
                                                                                                                                				void* _t60;
                                                                                                                                				struct HWND__* _t69;
                                                                                                                                				struct HWND__* _t70;
                                                                                                                                				void* _t72;
                                                                                                                                				void* _t76;
                                                                                                                                
                                                                                                                                				_push(ds);
                                                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                                                				 *((intOrPtr*)(__ebx - 0x7497dbac)) =  *((intOrPtr*)(__ebx - 0x7497dbac)) + __ecx;
                                                                                                                                				_t60 = __edx - 1;
                                                                                                                                				 *(_t72 - 0x72ee8637) =  *(_t72 - 0x72ee8637) ^ __eax;
                                                                                                                                				_t24 = __eax + 0x8d;
                                                                                                                                				 *_t24 =  *_t24 + _t24;
                                                                                                                                				_push( *((intOrPtr*)(_t60 + 0x34)));
                                                                                                                                				_t26 =  *0x47e258 +  *( *0x476200 - _t24) * 2;
                                                                                                                                				_t27 =  &(_t26[1]);
                                                                                                                                				 *(_t76 + 0x64) = _t27;
                                                                                                                                				 *(_t76 + 0x14) = _t27;
                                                                                                                                				_t29 =  ==  ? E0040587B : E00405844;
                                                                                                                                				 *(_t76 + 0x68) =  *_t26 & 0x0000ffff;
                                                                                                                                				_t69 =  *(_t76 + 0x60);
                                                                                                                                				 *((intOrPtr*)(_t76 + 0x18)) = 0;
                                                                                                                                				_push(0x22);
                                                                                                                                				 *((intOrPtr*)(_t76 + 0x24)) =  ==  ? E0040587B : E00405844;
                                                                                                                                				E004056FE(_t69);
                                                                                                                                				_push( *((intOrPtr*)( *(_t76 + 0x68) + 0x38)));
                                                                                                                                				_push(0x23);
                                                                                                                                				E004056FE(_t69);
                                                                                                                                				CheckDlgButton(_t69, (( !( *(_t60 + 0x14) >> 5) |  *(_t60 + 0x14)) & 1 ^ 1) + 0x40a, 1);
                                                                                                                                				E00405687(( !( *(_t60 + 0x14) >> 5) |  *(_t60 + 0x14)) & 1);
                                                                                                                                				_t70 = GetDlgItem(_t69, 0x3e8);
                                                                                                                                				E004056E7(_t70);
                                                                                                                                				SendMessageW(_t70, 0x45b, 1, 0);
                                                                                                                                				_t42 =  *( *0x47e230 + 0x68);
                                                                                                                                				if(_t42 < 0) {
                                                                                                                                					_t42 = GetSysColor( ~_t42);
                                                                                                                                				}
                                                                                                                                				SendMessageW(_t70, 0x443, 0, _t42);
                                                                                                                                				SendMessageW(_t70, 0x445, 0, 0x4010000);
                                                                                                                                				SendMessageW(_t70, 0x435, 0, lstrlenW( *(_t76 + 0x60)));
                                                                                                                                				 *0x451d5c = 0;
                                                                                                                                				SendMessageW(_t70, 0x449,  *(_t76 + 0x68), _t76 + 0x10);
                                                                                                                                				 *0x451d5c = 0;
                                                                                                                                				return 0;
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 004056FE: SetDlgItemTextW.USER32 ref: 00405718
                                                                                                                                • CheckDlgButton.USER32(?,?,00000001), ref: 00404024
                                                                                                                                  • Part of subcall function 00405687: KiUserCallbackDispatcher.NTDLL(?,00405487), ref: 00405691
                                                                                                                                • GetDlgItem.USER32 ref: 00404036
                                                                                                                                  • Part of subcall function 004056E7: SendMessageW.USER32(00000028,?,00000001,004054F8), ref: 004056F5
                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404052
                                                                                                                                • GetSysColor.USER32(?), ref: 00404063
                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404071
                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040407F
                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00404085
                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404092
                                                                                                                                • SendMessageW.USER32(00000000,00000449,?,?), ref: 004040A9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Item$ButtonCallbackCheckColorDispatcherTextUserlstrlen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1705896523-0
                                                                                                                                • Opcode ID: 60298f2848f637dd354bd6c6f50fac7d9395133ef61c44897b5c0f9f10708951
                                                                                                                                • Instruction ID: e9c756d90a57545524ef0908800f6bd84ef44eeea0821f54a21bf18789652d9f
                                                                                                                                • Opcode Fuzzy Hash: 60298f2848f637dd354bd6c6f50fac7d9395133ef61c44897b5c0f9f10708951
                                                                                                                                • Instruction Fuzzy Hash: A031A3B16057446FD301AF25DC41D6B7BACFF85304F02486EF645AB2A2C6399D41CFAA
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 97%
                                                                                                                                			E00402ED8(void* _a8, void* _a12, long _a20, void* _a24, void* _a40, intOrPtr _a48, WCHAR* _a80, void* _a108, void* _a120) {
                                                                                                                                				void* _v4;
                                                                                                                                				void* _v8;
                                                                                                                                				void* _v12;
                                                                                                                                				void* _v16;
                                                                                                                                				intOrPtr _t24;
                                                                                                                                				long _t27;
                                                                                                                                				intOrPtr _t42;
                                                                                                                                				void* _t44;
                                                                                                                                				void* _t45;
                                                                                                                                				void* _t46;
                                                                                                                                				void* _t47;
                                                                                                                                				void* _t49;
                                                                                                                                				void* _t50;
                                                                                                                                				void* _t51;
                                                                                                                                				void* _t53;
                                                                                                                                				void _t54;
                                                                                                                                				WCHAR* _t55;
                                                                                                                                				void* _t57;
                                                                                                                                				void* _t58;
                                                                                                                                				void* _t59;
                                                                                                                                
                                                                                                                                				_t51 = 0xfffffd66;
                                                                                                                                				_t55 = E00403312(_t45, 0xfffffff0);
                                                                                                                                				_a80 = _t55;
                                                                                                                                				if(E0040730E(_t55) == 0) {
                                                                                                                                					E00403312(_t45, 0xffffffed);
                                                                                                                                				}
                                                                                                                                				E004070FB(_t55);
                                                                                                                                				_t46 = E00406E83(_t55, 0x40000000, 2);
                                                                                                                                				 *(_t58 + 0x90) = _t46;
                                                                                                                                				if(_t46 != 0xffffffff) {
                                                                                                                                					_t27 =  *0x47e228;
                                                                                                                                					_a20 = _t27;
                                                                                                                                					_t53 = GlobalAlloc(0x40, _t27);
                                                                                                                                					 *(_t58 + 0x48) = _t53;
                                                                                                                                					if(_t53 == 0) {
                                                                                                                                						_t51 = 0xfffffd66;
                                                                                                                                					} else {
                                                                                                                                						E00403418(_t42);
                                                                                                                                						E00403402(_t53,  *((intOrPtr*)(_t58 + 0x14)));
                                                                                                                                						_t49 = GlobalAlloc(0x40,  *(_t58 + 0x30));
                                                                                                                                						 *(_t58 + 0x4c) = _t49;
                                                                                                                                						if(_t49 != 0) {
                                                                                                                                							E0040342F( *((intOrPtr*)(_t58 + 0x38)), _t42, _t49, _a48);
                                                                                                                                							if( *_t49 != _t42) {
                                                                                                                                								_t57 = _t53;
                                                                                                                                								do {
                                                                                                                                									_t54 =  *_t49;
                                                                                                                                									_t50 = _t49 + 8;
                                                                                                                                									E00406BBE( *((intOrPtr*)(_t49 + 4)) + _t57, _t50, _t54);
                                                                                                                                									_t49 = _t50 + _t54;
                                                                                                                                								} while ( *_t49 != _t42);
                                                                                                                                								_t55 =  *(_t58 + 0x54);
                                                                                                                                								_t53 =  *(_t58 + 0x48);
                                                                                                                                							}
                                                                                                                                							GlobalFree( *(_t58 + 0x4c));
                                                                                                                                						}
                                                                                                                                						_t46 =  *(_t58 + 0x94);
                                                                                                                                						E00406F77(_t44, _t46, _t53, _a20);
                                                                                                                                						GlobalFree(_t53);
                                                                                                                                						_t51 = E0040342F(0xffffffff, _t46, _t42, _t42);
                                                                                                                                					}
                                                                                                                                					CloseHandle(_t46);
                                                                                                                                				}
                                                                                                                                				_push(_t55);
                                                                                                                                				E00406AF2(L"created uninstaller: %d, \"%s\"", _t51);
                                                                                                                                				_t59 = _t58 + 0xc;
                                                                                                                                				_t47 = 0xfffffff3;
                                                                                                                                				if(_t51 < 0) {
                                                                                                                                					_t47 = 0xffffffef;
                                                                                                                                					DeleteFileW(_t55);
                                                                                                                                					 *((intOrPtr*)(_t59 + 0x10)) = 1;
                                                                                                                                				}
                                                                                                                                				E004033F1(_t47);
                                                                                                                                				_t24 =  *((intOrPtr*)(_t59 + 0x10));
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t24;
                                                                                                                                				return 0;
                                                                                                                                			}
























                                                                                                                                APIs
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402F2C
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402F56
                                                                                                                                • GlobalFree.KERNEL32 ref: 00402F9F
                                                                                                                                • GlobalFree.KERNEL32 ref: 00402FB8
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00402FD2
                                                                                                                                • DeleteFileW.KERNEL32(00000000), ref: 00402FF2
                                                                                                                                Strings
                                                                                                                                • created uninstaller: %d, "%s", xrefs: 00402FDA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                • String ID: created uninstaller: %d, "%s"
                                                                                                                                • API String ID: 2667972263-3145124454
                                                                                                                                • Opcode ID: 457dbdc198b2e621e3c0a682fa5326b7824bf738c8f12f1b374ea3f150a0e0d3
                                                                                                                                • Instruction ID: 0380bf5bbd10ed3c2c7b9079417e1d5329a2fd4ca9c6f1293e3c3f2ec94e3213
                                                                                                                                • Opcode Fuzzy Hash: 457dbdc198b2e621e3c0a682fa5326b7824bf738c8f12f1b374ea3f150a0e0d3
                                                                                                                                • Instruction Fuzzy Hash: C33114729082116FD3106F65DD09E1F7FA8AF85764F10063AF954B72E2D7389C0197AA
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0040594C(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                				struct tagLOGBRUSH _v16;
                                                                                                                                				void* _t39;
                                                                                                                                				long _t41;
                                                                                                                                				long _t43;
                                                                                                                                				long* _t52;
                                                                                                                                
                                                                                                                                				if(_a4 + 0xfffffecd > 5) {
                                                                                                                                					L18:
                                                                                                                                					_t39 = 0;
                                                                                                                                				} else {
                                                                                                                                					_t52 = GetWindowLongW(_a12, 0xffffffeb);
                                                                                                                                					if(_t52 == 0 || _t52[2] > 1 || _t52[4] > 2 || (_t52[5] & 0xffffffe0) != 0) {
                                                                                                                                						goto L18;
                                                                                                                                					} else {
                                                                                                                                						_t41 =  *_t52;
                                                                                                                                						if((_t52[5] & 0x00000002) != 0) {
                                                                                                                                							_t41 = GetSysColor(_t41);
                                                                                                                                						}
                                                                                                                                						if((_t52[5] & 0x00000001) != 0) {
                                                                                                                                							SetTextColor(_a8, _t41);
                                                                                                                                						}
                                                                                                                                						SetBkMode(_a8, _t52[4]);
                                                                                                                                						_t43 = _t52[1];
                                                                                                                                						_v16.lbColor = _t43;
                                                                                                                                						if((_t52[5] & 0x00000008) != 0) {
                                                                                                                                							_t43 = GetSysColor(_t43);
                                                                                                                                							_v16.lbColor = _t43;
                                                                                                                                						}
                                                                                                                                						if((_t52[5] & 0x00000004) != 0) {
                                                                                                                                							SetBkColor(_a8, _t43);
                                                                                                                                						}
                                                                                                                                						if((_t52[5] & 0x00000010) != 0) {
                                                                                                                                							_v16.lbStyle = _t52[2];
                                                                                                                                							if(_t52[3] != 0) {
                                                                                                                                								DeleteObject(_t52[3]);
                                                                                                                                							}
                                                                                                                                							_t52[3] = CreateBrushIndirect( &_v16);
                                                                                                                                						}
                                                                                                                                						_t39 = _t52[3];
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return _t39;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • GetWindowLongW.USER32(00000000,000000EB), ref: 00405969
                                                                                                                                • GetSysColor.USER32(00000000), ref: 0040599F
                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 004059AF
                                                                                                                                • SetBkMode.GDI32(?,?), ref: 004059BB
                                                                                                                                • GetSysColor.USER32(?), ref: 004059CE
                                                                                                                                • SetBkColor.GDI32(?,?), ref: 004059E1
                                                                                                                                • DeleteObject.GDI32(?), ref: 004059FC
                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00405A06
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                • Opcode ID: 97c51ecef34fe1dc0a9de404d0c9e7350aec4bf5a3c5345e0087cb2619356105
                                                                                                                                • Instruction ID: 2161a42b14348e4986dc4e01d29d8cc823d786b5a1a8b67eeeb95bf8f7f2ef4a
                                                                                                                                • Opcode Fuzzy Hash: 97c51ecef34fe1dc0a9de404d0c9e7350aec4bf5a3c5345e0087cb2619356105
                                                                                                                                • Instruction Fuzzy Hash: EF218170600B449FDB319F68E94CB577BF4EF05310F048A2AE892B16A1C738D944CF68
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E00402C52(intOrPtr __ebx, void* __esi) {
                                                                                                                                				signed int _t58;
                                                                                                                                				intOrPtr _t62;
                                                                                                                                				void* _t70;
                                                                                                                                				void* _t72;
                                                                                                                                
                                                                                                                                				_t62 = 2;
                                                                                                                                				 *((intOrPtr*)(_t70 + 0x18)) = __ebx;
                                                                                                                                				 *((intOrPtr*)(_t70 + 0x20)) = _t62;
                                                                                                                                				_t72 = E004032D6(_t62) - 1;
                                                                                                                                				if(_t72 < 0) {
                                                                                                                                					_t58 =  *(_t70 + 0x10);
                                                                                                                                					goto L33;
                                                                                                                                				} else {
                                                                                                                                					__ecx = 0x1fff;
                                                                                                                                					__eflags = __eax - 0x1fff;
                                                                                                                                					 *(__esp + 0x48) = __eax;
                                                                                                                                					__eflags =  *__ebp - __bx;
                                                                                                                                					if( *__ebp == __bx) {
                                                                                                                                						L25:
                                                                                                                                						__ecx =  *(__esp + 0x14);
                                                                                                                                						__eax = 0;
                                                                                                                                						__eflags = __ecx;
                                                                                                                                						 *(__esi + __ecx * 2) = __ax;
                                                                                                                                						_t58 = 0 | _t72 == 0x00000000;
                                                                                                                                						L33:
                                                                                                                                						 *0x47e2e8 =  *0x47e2e8 + _t58;
                                                                                                                                					} else {
                                                                                                                                						 *(__esp + 0x48) = __ebx;
                                                                                                                                						__ecx = E00407183(__ebp);
                                                                                                                                						 *(__esp + 0x18) = __ecx;
                                                                                                                                						__eflags =  *(__esp + 0x48) - __ebx;
                                                                                                                                						if( *(__esp + 0x48) > __ebx) {
                                                                                                                                							 *((intOrPtr*)(__esp + 0x4c)) = 0xd;
                                                                                                                                							__ebp = __ebx;
                                                                                                                                							do {
                                                                                                                                								__eflags =  *(__esp + 0x24) - 0x39;
                                                                                                                                								if( *(__esp + 0x24) != 0x39) {
                                                                                                                                									__eflags =  *((intOrPtr*)(__esp + 0x34)) - __ebx;
                                                                                                                                									if( *((intOrPtr*)(__esp + 0x34)) != __ebx) {
                                                                                                                                										L18:
                                                                                                                                										__eax = __esp + 0x24;
                                                                                                                                										__eax = E00406EB0(__ecx, __ecx, __esp + 0x24, 2);
                                                                                                                                										__eflags = __eax;
                                                                                                                                										if(__eax == 0) {
                                                                                                                                											goto L25;
                                                                                                                                										} else {
                                                                                                                                											goto L19;
                                                                                                                                										}
                                                                                                                                									} else {
                                                                                                                                										__eflags = __ebp;
                                                                                                                                										if(__ebp != 0) {
                                                                                                                                											goto L18;
                                                                                                                                										} else {
                                                                                                                                											__eax = E0040672B(__ecx, __ebx);
                                                                                                                                											__eflags = __eax;
                                                                                                                                											if(__eax < 0) {
                                                                                                                                												goto L25;
                                                                                                                                											} else {
                                                                                                                                												__ecx =  *(__esp + 0x18);
                                                                                                                                												goto L18;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									_push(__ebx);
                                                                                                                                									__eax = __esp + 0x44;
                                                                                                                                									_push(__esp + 0x44);
                                                                                                                                									__eax = 2;
                                                                                                                                									__eax = __esp + 0x1c;
                                                                                                                                									__eax = ReadFile(__ecx, __esp + 0x1c, __eax, ??, ??);
                                                                                                                                									__eflags = __eax;
                                                                                                                                									if(__eax == 0) {
                                                                                                                                										goto L25;
                                                                                                                                									} else {
                                                                                                                                										__ecx =  *(__esp + 0x40);
                                                                                                                                										 *(__esp + 0x1c) = __ecx;
                                                                                                                                										__eflags = __ecx;
                                                                                                                                										if(__ecx == 0) {
                                                                                                                                											goto L25;
                                                                                                                                										} else {
                                                                                                                                											__eax =  *(__esp + 0x10) & 0x000000ff;
                                                                                                                                											 *(__esp + 0x20) =  *(__esp + 0x10) & 0x000000ff;
                                                                                                                                											__eflags =  *((intOrPtr*)(__esp + 0x34)) - __ebx;
                                                                                                                                											if( *((intOrPtr*)(__esp + 0x34)) != __ebx) {
                                                                                                                                												L31:
                                                                                                                                												__ax & 0x0000ffff = E00406A5B(__esi, __ax & 0x0000ffff);
                                                                                                                                											} else {
                                                                                                                                												__esp + 0x24 = __esp + 0x1c;
                                                                                                                                												__eax = MultiByteToWideChar(__ebx, 8, __esp + 0x1c, __ecx, __esp + 0x24, __edi);
                                                                                                                                												__eflags = __eax;
                                                                                                                                												if(__eax != 0) {
                                                                                                                                													L19:
                                                                                                                                													__ecx =  *(__esp + 0x1c);
                                                                                                                                													__eax =  *(__esp + 0x20);
                                                                                                                                												} else {
                                                                                                                                													__ecx =  *(__esp + 0x1c);
                                                                                                                                													__edx = __ecx;
                                                                                                                                													__edx =  ~__ecx;
                                                                                                                                													while(1) {
                                                                                                                                														_t22 = __esp + 0x40;
                                                                                                                                														 *_t22 =  *(__esp + 0x40) - 1;
                                                                                                                                														__eflags =  *_t22;
                                                                                                                                														__eax = 0xfffd;
                                                                                                                                														 *(__esp + 0x20) = 0xfffd;
                                                                                                                                														if( *_t22 == 0) {
                                                                                                                                															goto L20;
                                                                                                                                														}
                                                                                                                                														__ecx = __ecx - 1;
                                                                                                                                														__edx = __edx + 1;
                                                                                                                                														 *(__esp + 0x2c) = __ecx;
                                                                                                                                														 *(__esp + 0x64) = __edx;
                                                                                                                                														SetFilePointer( *(__esp + 0x24), __edx, __ebx, __edi) = __esp + 0x24;
                                                                                                                                														__eax = __esp + 0x1c;
                                                                                                                                														__eax = MultiByteToWideChar(__ebx, 8, __esp + 0x1c,  *(__esp + 0x48), __esp + 0x24, __edi);
                                                                                                                                														__ecx =  *(__esp + 0x1c);
                                                                                                                                														__edx =  *(__esp + 0x54);
                                                                                                                                														__eflags = __eax;
                                                                                                                                														if(__eax == 0) {
                                                                                                                                															continue;
                                                                                                                                														} else {
                                                                                                                                															goto L19;
                                                                                                                                														}
                                                                                                                                														goto L20;
                                                                                                                                													}
                                                                                                                                												}
                                                                                                                                												L20:
                                                                                                                                												__eflags =  *((intOrPtr*)(__esp + 0x34)) - __ebx;
                                                                                                                                												if( *((intOrPtr*)(__esp + 0x34)) != __ebx) {
                                                                                                                                													goto L31;
                                                                                                                                												} else {
                                                                                                                                													__edx = 0xd;
                                                                                                                                													__eflags =  *(__esp + 0x44) - __dx;
                                                                                                                                													__edx = 0xa;
                                                                                                                                													if(__eflags == 0) {
                                                                                                                                														L26:
                                                                                                                                														__eflags =  *(__esp + 0x44) - __ax;
                                                                                                                                														if( *(__esp + 0x44) == __ax) {
                                                                                                                                															L30:
                                                                                                                                															__eax = SetFilePointer( *(__esp + 0x24), __ecx, __ebx, __edi);
                                                                                                                                															goto L25;
                                                                                                                                														} else {
                                                                                                                                															__eflags = __ax -  *((intOrPtr*)(__esp + 0x4c));
                                                                                                                                															if(__ax ==  *((intOrPtr*)(__esp + 0x4c))) {
                                                                                                                                																L29:
                                                                                                                                																 *(__esi + __ebp * 2) = __ax;
                                                                                                                                																 *(__esp + 0x14) = __ebp;
                                                                                                                                																goto L25;
                                                                                                                                															} else {
                                                                                                                                																__eflags = __ax - __dx;
                                                                                                                                																if(__ax != __dx) {
                                                                                                                                																	goto L30;
                                                                                                                                																} else {
                                                                                                                                																	goto L29;
                                                                                                                                																}
                                                                                                                                															}
                                                                                                                                														}
                                                                                                                                														L35:
                                                                                                                                														return 0;
                                                                                                                                													} else {
                                                                                                                                														__eflags =  *(__esp + 0x44) - __dx;
                                                                                                                                														if( *(__esp + 0x44) == __dx) {
                                                                                                                                															goto L26;
                                                                                                                                														} else {
                                                                                                                                															 *(__esi + __ebp * 2) = __ax;
                                                                                                                                															__ebp = __ebp + 1;
                                                                                                                                															__ecx = __ax & 0x0000ffff;
                                                                                                                                															 *(__esp + 0x14) = __ebp;
                                                                                                                                															 *(__esp + 0x44) = __ax & 0x0000ffff;
                                                                                                                                															__eflags = __ax;
                                                                                                                                															if(__ax == 0) {
                                                                                                                                																goto L25;
                                                                                                                                															} else {
                                                                                                                                																goto L24;
                                                                                                                                															}
                                                                                                                                														}
                                                                                                                                													}
                                                                                                                                												}
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								goto L34;
                                                                                                                                								L24:
                                                                                                                                								__ecx =  *(__esp + 0x18);
                                                                                                                                								__eflags = __ebp -  *(__esp + 0x48);
                                                                                                                                							} while (__ebp <  *(__esp + 0x48));
                                                                                                                                						}
                                                                                                                                						goto L25;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				L34:
                                                                                                                                				goto L35;
                                                                                                                                			}







                                                                                                                                0x00402db3
                                                                                                                                0x00000000
                                                                                                                                0x00402db5
                                                                                                                                0x00402db5
                                                                                                                                0x00402db9
                                                                                                                                0x00402dba
                                                                                                                                0x00402dbd
                                                                                                                                0x00402dc1
                                                                                                                                0x00402dc5
                                                                                                                                0x00402dc8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00402dc8
                                                                                                                                0x00402db3
                                                                                                                                0x00402dac
                                                                                                                                0x00402d9f
                                                                                                                                0x00402cf5
                                                                                                                                0x00402ce2
                                                                                                                                0x00402cd2
                                                                                                                                0x00000000
                                                                                                                                0x00402dca
                                                                                                                                0x00402dca
                                                                                                                                0x00402dce
                                                                                                                                0x00402dce
                                                                                                                                0x00402cab
                                                                                                                                0x00000000
                                                                                                                                0x00402c9b
                                                                                                                                0x00402c81
                                                                                                                                0x00403179
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • ReadFile.KERNEL32(00000000,?,?,?), ref: 00402CCA
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,00000039,00000001), ref: 00402D0A
                                                                                                                                • SetFilePointer.KERNEL32(00000039,?,?,00000001,?,00000008,?,?,00000039,00000001), ref: 00402D3D
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,00000039,00000001,?,00000001,?,00000008,?,?,00000039,00000001), ref: 00402D55
                                                                                                                                • SetFilePointer.KERNEL32(00000039,?,?,00000001,00000000,00000039,00000002), ref: 00402E10
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$ByteCharMultiPointerWide$Read
                                                                                                                                • String ID: 9
                                                                                                                                • API String ID: 1439708474-2366072709
                                                                                                                                • Opcode ID: a0cabf4f9dae24e6e35d0a0b1b1b89063f5898f3b5f951d9d88adc50bd9e04d8
                                                                                                                                • Instruction ID: 1eccc4395e91a9fbe5f71842aa650d985c218fd5adeab50420996e16176e011c
                                                                                                                                • Opcode Fuzzy Hash: a0cabf4f9dae24e6e35d0a0b1b1b89063f5898f3b5f951d9d88adc50bd9e04d8
                                                                                                                                • Instruction Fuzzy Hash: BD5169B12083029BD724DF25DA8897BB7F8EF85704F00493FF582A62C0D678DD458B6A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E00407252(WCHAR* _a4) {
                                                                                                                                				signed int _t8;
                                                                                                                                				signed int _t11;
                                                                                                                                				void* _t20;
                                                                                                                                				WCHAR* _t22;
                                                                                                                                				WCHAR* _t23;
                                                                                                                                				WCHAR* _t24;
                                                                                                                                
                                                                                                                                				_t23 = _a4;
                                                                                                                                				_t20 = 0x5c;
                                                                                                                                				if( *_t23 == _t20 && _t23[1] == _t20 && _t23[2] == 0x3f && _t23[3] == _t20) {
                                                                                                                                					_t23 =  &(_t23[4]);
                                                                                                                                				}
                                                                                                                                				if( *_t23 != 0 && E0040730E(_t23) != 0) {
                                                                                                                                					_t23 =  &(_t23[2]);
                                                                                                                                				}
                                                                                                                                				_t8 =  *_t23 & 0x0000ffff;
                                                                                                                                				_t24 = _t23;
                                                                                                                                				_a4 = _t24;
                                                                                                                                				_t22 = _t23;
                                                                                                                                				if(_t8 != 0) {
                                                                                                                                					do {
                                                                                                                                						if(_t8 > 0x1f &&  *((intOrPtr*)(E00406A3C(L"*?|<>/\":", _t8))) == 0) {
                                                                                                                                							E00406BBE(_t22, _t23, CharNextW(_t23) - _t23 >> 1);
                                                                                                                                							_t22 = CharNextW(_t22);
                                                                                                                                						}
                                                                                                                                						_t23 = CharNextW(_t23);
                                                                                                                                						_t8 =  *_t23 & 0x0000ffff;
                                                                                                                                					} while (_t8 != 0);
                                                                                                                                					_t24 = _a4;
                                                                                                                                					_t20 = 0x5c;
                                                                                                                                				}
                                                                                                                                				 *_t22 = 0;
                                                                                                                                				while(1) {
                                                                                                                                					_push(_t22);
                                                                                                                                					_push(_t24);
                                                                                                                                					_t22 = CharPrevW();
                                                                                                                                					_t11 =  *_t22 & 0x0000ffff;
                                                                                                                                					if(_t11 != 0x20 && _t11 != _t20) {
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					_t11 = 0;
                                                                                                                                					 *_t22 = 0;
                                                                                                                                					if(_t24 < _t22) {
                                                                                                                                						continue;
                                                                                                                                					}
                                                                                                                                					break;
                                                                                                                                				}
                                                                                                                                				return _t11;
                                                                                                                                			}










                                                                                                                                APIs
                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,004E3000,00000000,004E3000,00403EAC,004E3000,74B5FAA0,00403BCB), ref: 004072BB
                                                                                                                                • CharNextW.USER32(?,?,?,00000000), ref: 004072CA
                                                                                                                                • CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,004E3000,00000000,004E3000,00403EAC,004E3000,74B5FAA0,00403BCB), ref: 004072CF
                                                                                                                                • CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,004E3000,00000000,004E3000,00403EAC,004E3000,74B5FAA0,00403BCB), ref: 004072E9
                                                                                                                                Strings
                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00407259
                                                                                                                                • *?|<>/":, xrefs: 004072AB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                • String ID: *?|<>/":$Error writing temporary file. Make sure your temp folder is valid.
                                                                                                                                • API String ID: 589700163-525015898
                                                                                                                                • Opcode ID: 7506df84259de5cd40cc3de30505afa1c2622fd205e3fa83ec31ff21188f9e58
                                                                                                                                • Instruction ID: 7b4f3c575e87616667c9855eeeddfffa073812b73434ecb333c14c2add6bc918
                                                                                                                                • Opcode Fuzzy Hash: 7506df84259de5cd40cc3de30505afa1c2622fd205e3fa83ec31ff21188f9e58
                                                                                                                                • Instruction Fuzzy Hash: F111DF15D0932556CA30BBA54D0497BB2A8AE5575072148BFFE85B32C0E778AC81D3BE
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406B24(intOrPtr _a4) {
                                                                                                                                				void* _t2;
                                                                                                                                				void* _t7;
                                                                                                                                				void* _t8;
                                                                                                                                
                                                                                                                                				if(_a4 != 0) {
                                                                                                                                					_t7 =  *0x40c0b8; // 0xffffffff
                                                                                                                                					if(_t7 != 0xffffffff) {
                                                                                                                                						_t7 = CloseHandle(_t7);
                                                                                                                                					}
                                                                                                                                					 *0x40c0b8 =  *0x40c0b8 | 0xffffffff;
                                                                                                                                					return _t7;
                                                                                                                                				}
                                                                                                                                				if( *0x46d1a0 != 0) {
                                                                                                                                					if( *0x46c9a0 == 0) {
                                                                                                                                						L9:
                                                                                                                                						if( *0x40c0b8 != 0xffffffff) {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						if( *0x40c0b8 != 0xffffffff) {
                                                                                                                                							L10:
                                                                                                                                							lstrcatW(0x46d1c0, L"\r\n");
                                                                                                                                							return E00406F77(_t8,  *0x40c0b8, 0x46d1c0, lstrlenW(0x46d1c0) + _t4);
                                                                                                                                						}
                                                                                                                                						_t2 = E00406E83("C:\Users\hardz\AppData\Local\Programs\SideQuest\install.log", 0x40000000, 4);
                                                                                                                                						 *0x40c0b8 = _t2;
                                                                                                                                						if(_t2 != 0xffffffff) {
                                                                                                                                							_t2 = SetFilePointer(_t2, 0, 0, 2);
                                                                                                                                							goto L9;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return _t2;
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00406B23,00000000), ref: 00406B36
                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,C:\Users\user\AppData\Local\Programs\SideQuest\install.log,40000000,00000004,00406B23,00000000), ref: 00406B83
                                                                                                                                • lstrcatW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),0040A940), ref: 00406B9E
                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\")), ref: 00406BA5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseFileHandlePointerlstrcatlstrlen
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Programs\SideQuest\install.log$RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\")
                                                                                                                                • API String ID: 416707836-1508345366
                                                                                                                                • Opcode ID: 12fa1348b1a788f5359be7a224ad63d4c5d4c6290d7c360feb0831f0e215d593
                                                                                                                                • Instruction ID: 90cd118cbb70e112dfed6b23eb6a572762e517475609fdced81aa02a38335540
                                                                                                                                • Opcode Fuzzy Hash: 12fa1348b1a788f5359be7a224ad63d4c5d4c6290d7c360feb0831f0e215d593
                                                                                                                                • Instruction Fuzzy Hash: 570171B0500220EAE720AB68AD8DF563639A701334F218737F56AF51F1D7B82CA5C65E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0040393B(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                				short _v132;
                                                                                                                                				intOrPtr _t8;
                                                                                                                                				int _t18;
                                                                                                                                
                                                                                                                                				_t8 = _a8;
                                                                                                                                				if(_t8 == 0x110) {
                                                                                                                                					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                                					_t8 = 0x113;
                                                                                                                                				}
                                                                                                                                				if(_t8 == 0x113) {
                                                                                                                                					_t18 =  *0x420168; // 0x399bac0
                                                                                                                                					_t19 =  <  ?  *0x42016c : _t18;
                                                                                                                                					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv( <  ?  *0x42016c : _t18, 0x64, _t18));
                                                                                                                                					SetWindowTextW(_a4,  &_v132);
                                                                                                                                					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                                                                                                				}
                                                                                                                                				return 0;
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00403960
                                                                                                                                • MulDiv.KERNEL32(0399BAC0,00000064,0399BAC0), ref: 00403984
                                                                                                                                • wsprintfW.USER32 ref: 00403994
                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004039A4
                                                                                                                                • SetDlgItemTextW.USER32 ref: 004039B6
                                                                                                                                Strings
                                                                                                                                • verifying installer: %d%%, xrefs: 0040398E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                • Opcode ID: fc090a1c3660ebbe2a23c5aa4fc88cd8254137eb6ef201df65c9d67c5a335e52
                                                                                                                                • Instruction ID: 86cb5ef30b0de291c3c423191b19d45d4bf51be215b8929c8edc9e522f5b9877
                                                                                                                                • Opcode Fuzzy Hash: fc090a1c3660ebbe2a23c5aa4fc88cd8254137eb6ef201df65c9d67c5a335e52
                                                                                                                                • Instruction Fuzzy Hash: 2501A271A40209BBDB249F58ED46FBA3BA8E708701F00453AFA05F51E1CAB59D51CB98
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 83%
                                                                                                                                			E0040273B(WCHAR* __ebx, void* _a4, WCHAR* _a20, WCHAR* _a24, void* _a28, void* _a40) {
                                                                                                                                				void* _v0;
                                                                                                                                				void* _v4;
                                                                                                                                				int _t15;
                                                                                                                                				intOrPtr _t16;
                                                                                                                                				WCHAR* _t21;
                                                                                                                                				void* _t23;
                                                                                                                                				WCHAR* _t26;
                                                                                                                                				void* _t30;
                                                                                                                                
                                                                                                                                				_t21 = __ebx;
                                                                                                                                				_a24 = __ebx;
                                                                                                                                				_a20 = __ebx;
                                                                                                                                				E0040708C(0x410108, L"<RM>");
                                                                                                                                				E0040708C(0x414108, 0x410108);
                                                                                                                                				if(_a24 != __ebx) {
                                                                                                                                					__ebx = E00403312(__edx, __ebx);
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t30 + 0x2c)) != 0) {
                                                                                                                                					_a20 = E00403312(_t23, 0x11);
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t30 + 0x38)) != 0) {
                                                                                                                                					 *((intOrPtr*)(_t30 + 0x14)) = E00403312(_t23, 0x22);
                                                                                                                                				}
                                                                                                                                				_t26 = E00403312(_t23, 0xffffffcd);
                                                                                                                                				_push(_t26);
                                                                                                                                				_push(0x414108);
                                                                                                                                				_push(0x410108);
                                                                                                                                				E00406AF2(L"WriteINIStr: wrote [%s] %s=%s in %s", L"Call");
                                                                                                                                				_t30 = _t30 + 0x14;
                                                                                                                                				_t15 = WritePrivateProfileStringW(_t21, _a20,  *(_t30 + 0x18), _t26);
                                                                                                                                				if(_t15 != 0) {
                                                                                                                                					_t16 =  *((intOrPtr*)(_t30 + 0x10));
                                                                                                                                				} else {
                                                                                                                                					_t16 = 1;
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t16;
                                                                                                                                				return 0;
                                                                                                                                			}












                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 0040708C: lstrcpynW.KERNEL32(?,?,00002000,00403ABD,00476220,NSIS Error), ref: 00407099
                                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 004027B9
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                • String ID: <RM>$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll$Call$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                • API String ID: 247603264-2264287778
                                                                                                                                • Opcode ID: 0125decb6b1ef7c2399e9e80f703f76d4f7bfc0a330fd3ee0703031ba6c3c2ae
                                                                                                                                • Instruction ID: 24fbee806ae7aadaab72e9085dd33b8535a8484a992fb1bc101c83a820b45bf8
                                                                                                                                • Opcode Fuzzy Hash: 0125decb6b1ef7c2399e9e80f703f76d4f7bfc0a330fd3ee0703031ba6c3c2ae
                                                                                                                                • Instruction Fuzzy Hash: 49014F70908310AAD210BF624C89E5FBDA8AB91759F10093FB885771D3D6BC8A44DB6A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 76%
                                                                                                                                			E004020EB(struct HWND__* __edx, struct HWND__* _a20, signed int _a36, signed char _a48) {
                                                                                                                                				void* _v12;
                                                                                                                                				int _t6;
                                                                                                                                				intOrPtr _t12;
                                                                                                                                				struct HFONT__* _t18;
                                                                                                                                				intOrPtr _t20;
                                                                                                                                				signed char _t25;
                                                                                                                                				struct HDC__* _t28;
                                                                                                                                				void* _t34;
                                                                                                                                
                                                                                                                                				_t28 = GetDC(__edx);
                                                                                                                                				_t6 = E004032D6(2);
                                                                                                                                				0x420108->lfHeight =  ~(MulDiv(_t6, GetDeviceCaps(_t28, 0x5a), 0x48));
                                                                                                                                				ReleaseDC(_a20, _t28);
                                                                                                                                				_t12 = E004032D6(3);
                                                                                                                                				_t25 = _a48;
                                                                                                                                				 *0x420118 = _t12;
                                                                                                                                				 *0x42011f = 1;
                                                                                                                                				 *0x42011c = _t25 & 0x00000001;
                                                                                                                                				 *0x42011d = _t25 & 0x00000002;
                                                                                                                                				 *0x42011e = _t25 & 0x00000004;
                                                                                                                                				E00406119("MS Shell Dlg", _a36);
                                                                                                                                				_t18 = CreateFontIndirectW(0x420108);
                                                                                                                                				_push(_t18);
                                                                                                                                				E00406A5B();
                                                                                                                                				_t20 =  *((intOrPtr*)(_t34 + 0x10));
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t20;
                                                                                                                                				return 0;
                                                                                                                                			}












                                                                                                                                APIs
                                                                                                                                • GetDC.USER32 ref: 004020EC
                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00402103
                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 0040210B
                                                                                                                                • ReleaseDC.USER32 ref: 0040211E
                                                                                                                                • CreateFontIndirectW.GDI32(00420108), ref: 0040216A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                • String ID: MS Shell Dlg
                                                                                                                                • API String ID: 3808545654-76309092
                                                                                                                                • Opcode ID: fc7e3139744a5652b6c96148f26afad58ef214d944056266fd67136fcce7a8a8
                                                                                                                                • Instruction ID: 3fd54f2558e031b55cf15d817fb3b200a17f057733f7f7b7aded0f8609b1d4e1
                                                                                                                                • Opcode Fuzzy Hash: fc7e3139744a5652b6c96148f26afad58ef214d944056266fd67136fcce7a8a8
                                                                                                                                • Instruction Fuzzy Hash: 8601F931348340AFE3609FB4AC0BB6A7FE4A755705F50082DF241A72E3C5794612CB2D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E0327103F(long _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                                                                				long _v8;
                                                                                                                                				int _v12;
                                                                                                                                				void* _v16;
                                                                                                                                				void* _t12;
                                                                                                                                				int _t13;
                                                                                                                                				intOrPtr* _t14;
                                                                                                                                				void* _t22;
                                                                                                                                				long _t23;
                                                                                                                                
                                                                                                                                				_t23 = _a4;
                                                                                                                                				_t12 = OpenProcess(0x100401, 0, _t23);
                                                                                                                                				_t22 = _t12;
                                                                                                                                				if(_t22 == 0) {
                                                                                                                                					return _t12;
                                                                                                                                				}
                                                                                                                                				_v16 = _t23;
                                                                                                                                				_v12 = 0;
                                                                                                                                				if(_a8 == 0) {
                                                                                                                                					L7:
                                                                                                                                					_t13 = TerminateProcess(_t22, 0);
                                                                                                                                					_t14 = _a12;
                                                                                                                                					if(_t13 == 0) {
                                                                                                                                						_t14 = _a16;
                                                                                                                                					}
                                                                                                                                					L9:
                                                                                                                                					 *_t14 = 1;
                                                                                                                                					return CloseHandle(_t22);
                                                                                                                                				}
                                                                                                                                				EnumWindows(E03271007,  &_v16);
                                                                                                                                				if(_v12 == 0 || GetExitCodeProcess(_t22,  &_v8) != 0 && _v8 == 0x103 && WaitForSingleObject(_t22, 0xbb8) != 0) {
                                                                                                                                					goto L7;
                                                                                                                                				} else {
                                                                                                                                					_t14 = _a12;
                                                                                                                                					goto L9;
                                                                                                                                				}
                                                                                                                                			}












                                                                                                                                APIs
                                                                                                                                • OpenProcess.KERNEL32(00100401,00000000,?,0000025E,?,00004000,?), ref: 03271054
                                                                                                                                • EnumWindows.USER32(03271007,?), ref: 03271074
                                                                                                                                • GetExitCodeProcess.KERNEL32 ref: 03271084
                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000BB8), ref: 0327109D
                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 032710AE
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 032710C5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.456509856.0000000003271000.00000020.00020000.sdmp, Offset: 03270000, based on PE: true
                                                                                                                                • Associated: 00000010.00000002.456489490.0000000003270000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000010.00000002.456569651.0000000003272000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000010.00000002.456602295.0000000003274000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_3270000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CloseCodeEnumExitHandleObjectOpenSingleTerminateWaitWindows
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3465249596-0
                                                                                                                                • Opcode ID: 38179c8ac714efbcc2535f0ee4e8ca530b75d0741e492cfdc9c66684ae1ea534
                                                                                                                                • Instruction ID: cf4e3db0ada131fa691bce04e5ec75f5b691bcd5c1fbd01779a6d4c8fa43eac9
                                                                                                                                • Opcode Fuzzy Hash: 38179c8ac714efbcc2535f0ee4e8ca530b75d0741e492cfdc9c66684ae1ea534
                                                                                                                                • Instruction Fuzzy Hash: F5116D35A10249EFDB20EFA6EC88AAE77BCFF45741F048469F901E2140D7B4A991CB71
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 52%
                                                                                                                                			E004021B7(intOrPtr _a4, signed char _a28, intOrPtr _a32, char _a60, intOrPtr _a64, intOrPtr _a68, intOrPtr _a72, intOrPtr _a76, intOrPtr _a80, intOrPtr _a84, signed char _a88, void* _a108, void* _a112) {
                                                                                                                                				void* _v12;
                                                                                                                                				intOrPtr _t31;
                                                                                                                                				void* _t38;
                                                                                                                                				void* _t39;
                                                                                                                                				void* _t41;
                                                                                                                                				intOrPtr _t43;
                                                                                                                                				void* _t45;
                                                                                                                                				void* _t46;
                                                                                                                                
                                                                                                                                				_t41 = E00403312(_t38);
                                                                                                                                				_t43 = E00403312(_t38);
                                                                                                                                				_t39 = E00403312(_t38, 0x22);
                                                                                                                                				E00403312(_t38, 0x15);
                                                                                                                                				E00405F97(0xffffffec, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\System.dll");
                                                                                                                                				_a68 = _a4;
                                                                                                                                				_a64 = _a32;
                                                                                                                                				_t37 = _a28;
                                                                                                                                				_a88 = _a28;
                                                                                                                                				_a76 = _t43;
                                                                                                                                				_t25 =  !=  ? _t41 : 0;
                                                                                                                                				_a72 =  !=  ? _t41 : 0;
                                                                                                                                				_a84 = 0x4d7000;
                                                                                                                                				_t27 =  !=  ? _t39 : 0;
                                                                                                                                				_a80 =  !=  ? _t39 : 0;
                                                                                                                                				if(E00406F5F( &_a60) != 0) {
                                                                                                                                					if((_a88 & 0x00000040) != 0) {
                                                                                                                                						E004067BB(_t37,  *(_t45 + 0x8c));
                                                                                                                                						CloseHandle( *(_t45 + 0x8c));
                                                                                                                                					}
                                                                                                                                					_push(_t39);
                                                                                                                                					_push(_t43);
                                                                                                                                					_push(_t41);
                                                                                                                                					_push(L"ExecShell: success (\"%s\": file:\"%s\" params:\"%s\")");
                                                                                                                                					E00406AF2();
                                                                                                                                					_t46 = _t45 + 0x10;
                                                                                                                                					_t31 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                                                				} else {
                                                                                                                                					_push(GetLastError());
                                                                                                                                					E00406AF2(L"ExecShell: warning: error (\"%s\": file:\"%s\" params:\"%s\")=%d", __esi);
                                                                                                                                					0 = 1;
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t31;
                                                                                                                                				return 0;
                                                                                                                                			}












                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00405F97: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FC9
                                                                                                                                  • Part of subcall function 00405F97: lstrlenW.KERNEL32(?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FDB
                                                                                                                                  • Part of subcall function 00405F97: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?), ref: 00405FF6
                                                                                                                                  • Part of subcall function 00405F97: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\), ref: 0040600E
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?), ref: 00406035
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?,0000104D,00000000,?), ref: 00406050
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?,00001013,00000000,00000000), ref: 0040605D
                                                                                                                                  • Part of subcall function 00406F5F: ShellExecuteExW.SHELL32(?), ref: 00406F6E
                                                                                                                                • GetLastError.KERNEL32(?), ref: 0040222E
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                • CloseHandle.KERNEL32(?,?,?), ref: 00402264
                                                                                                                                Strings
                                                                                                                                • @, xrefs: 0040224A
                                                                                                                                • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 0040226D
                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll, xrefs: 004021D8
                                                                                                                                • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402238
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSendlstrlen$CloseErrorExecuteHandleLastShellTextWindowlstrcatwvsprintf
                                                                                                                                • String ID: @$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll$ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                • API String ID: 1947308509-875874713
                                                                                                                                • Opcode ID: 14a505b76776de504fe4b597d3900ea142654e2b9e261be17ff1fac39cf7248c
                                                                                                                                • Instruction ID: c3b8f13b2fe78644521305e011658aa232d6020e20846d940bb9f60e82e7d75d
                                                                                                                                • Opcode Fuzzy Hash: 14a505b76776de504fe4b597d3900ea142654e2b9e261be17ff1fac39cf7248c
                                                                                                                                • Instruction Fuzzy Hash: BA1106715083409BD310AFB18D49E4BBAE8AF85745F50483EB585E72D2DAB98C40DB56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 95%
                                                                                                                                			E00402B8C(int __ebx, intOrPtr* __ebp, void* _a12, signed int _a20, intOrPtr _a36, void* _a44, intOrPtr _a48, void* _a68, intOrPtr _a76, intOrPtr _a84) {
                                                                                                                                				void* _v4;
                                                                                                                                				intOrPtr _t19;
                                                                                                                                				signed int _t23;
                                                                                                                                				int _t32;
                                                                                                                                				int _t33;
                                                                                                                                				void* _t35;
                                                                                                                                				intOrPtr _t36;
                                                                                                                                				intOrPtr _t37;
                                                                                                                                				int _t43;
                                                                                                                                				intOrPtr* _t45;
                                                                                                                                				void* _t47;
                                                                                                                                
                                                                                                                                				_t45 = __ebp;
                                                                                                                                				_t33 = __ebx;
                                                                                                                                				_t36 = _a36;
                                                                                                                                				_t37 = _a48;
                                                                                                                                				_a76 = _t37;
                                                                                                                                				_a20 = 0 | _t36 == 0x00000038;
                                                                                                                                				if(_t37 == 0) {
                                                                                                                                					if(_t36 != 0x38) {
                                                                                                                                						_t43 = lstrlenW(E00403312(_t37, 0x11)) + _t18;
                                                                                                                                					} else {
                                                                                                                                						E00403312(_t37, 0x21);
                                                                                                                                						WideCharToMultiByte(__ebx, __ebx, "C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp", 0xffffffff, 0x410108, 0x2000, __ebx, __ebx);
                                                                                                                                						_t43 = lstrlenA(0x410108);
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					 *0x410108 = E004032D6(1);
                                                                                                                                					_pop(_t36);
                                                                                                                                					_t32 = (0 | _a20 == 0x00000000) + 1;
                                                                                                                                					_a84 = _t32;
                                                                                                                                					_t43 = _t32;
                                                                                                                                				}
                                                                                                                                				if( *_t45 == _t33) {
                                                                                                                                					L10:
                                                                                                                                					_t19 = 1;
                                                                                                                                				} else {
                                                                                                                                					_t35 = E00407183(_t45);
                                                                                                                                					_t23 =  *(_t47 + 0x14) |  *(_t47 + 0x4c);
                                                                                                                                					if(_t23 != 0 ||  *((intOrPtr*)(_t47 + 0x34)) == _t23 || E0040672B(_t35, _t35) >= 0) {
                                                                                                                                						if(E00406F77(_t36, _t35, ?str?, _t43) != 0) {
                                                                                                                                							_t19 =  *((intOrPtr*)(_t47 + 0x10));
                                                                                                                                						} else {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t19;
                                                                                                                                				return 0;
                                                                                                                                			}















                                                                                                                                APIs
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll,00002000,?,?,00000021), ref: 00402BEC
                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll,00002000,?,?,00000021), ref: 00402BF3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWidelstrlen
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\System.dll
                                                                                                                                • API String ID: 3109718747-1934580370
                                                                                                                                • Opcode ID: ddb57accbd9be46d4857ef586b6e7b3d070ba7bdbdc3b53c3301070fc77f8496
                                                                                                                                • Instruction ID: 88da0d9fa09dbd15582c1ce0935ebd767fb8d76d3bbcaa5542e735c23f63f4f3
                                                                                                                                • Opcode Fuzzy Hash: ddb57accbd9be46d4857ef586b6e7b3d070ba7bdbdc3b53c3301070fc77f8496
                                                                                                                                • Instruction Fuzzy Hash: C121F331A083116BE710EB354E8492B77E8AF947A4F10493BF882F32C1D6BCCC40836A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 78%
                                                                                                                                			E00402813(intOrPtr __ecx, signed int _a52, intOrPtr _a56, intOrPtr _a80) {
                                                                                                                                				void* _t6;
                                                                                                                                				signed int _t11;
                                                                                                                                				long _t15;
                                                                                                                                				long _t19;
                                                                                                                                				void* _t22;
                                                                                                                                				void* _t25;
                                                                                                                                				void* _t27;
                                                                                                                                				short* _t30;
                                                                                                                                				void* _t31;
                                                                                                                                				void* _t33;
                                                                                                                                
                                                                                                                                				_t19 = 1;
                                                                                                                                				_t6 = E0040687E(__ecx);
                                                                                                                                				_t35 = _a56;
                                                                                                                                				_t31 = _t6;
                                                                                                                                				_pop(_t22);
                                                                                                                                				if(_a56 != 0) {
                                                                                                                                					_push(E00403312(_t25, 0x22));
                                                                                                                                					E00406AF2(L"DeleteRegKey: \"%s\\%s\"", _t31);
                                                                                                                                					_t33 = _t33 + 0xc;
                                                                                                                                					_t19 = E00403350(_a80, _t7, _a52 >> 1);
                                                                                                                                				} else {
                                                                                                                                					_t27 = E00403395(_t22, _t25, _t35, 2);
                                                                                                                                					if(_t27 != 0) {
                                                                                                                                						_t30 = E00403312(_t25, 0x33);
                                                                                                                                						_t15 = RegDeleteValueW(_t27, _t30);
                                                                                                                                						_push(_t30);
                                                                                                                                						_push("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp");
                                                                                                                                						_t19 = _t15;
                                                                                                                                						E00406AF2(L"DeleteRegValue: \"%s\\%s\" \"%s\"", _t31);
                                                                                                                                						_t33 = _t33 + 0x10;
                                                                                                                                						RegCloseKey(_t27);
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				_t11 = 0 | _t19 != 0x00000000;
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + _t11;
                                                                                                                                				return 0;
                                                                                                                                			}














                                                                                                                                APIs
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0040285B
                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033,00000002), ref: 0040283E
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                Strings
                                                                                                                                • C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp, xrefs: 00402845
                                                                                                                                • DeleteRegValue: "%s\%s" "%s", xrefs: 0040284B
                                                                                                                                • DeleteRegKey: "%s\%s", xrefs: 0040286E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseDeleteValuelstrlenwvsprintf
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp$DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                • API String ID: 3978859029-4077315721
                                                                                                                                • Opcode ID: 2579e17b44fb512c546e78eb104001da7c442b341c13499704d1ea6158c3a04e
                                                                                                                                • Instruction ID: c4b02af0999607f3aeac747591c329c5603212a113f8186c8bf54697cf377dba
                                                                                                                                • Opcode Fuzzy Hash: 2579e17b44fb512c546e78eb104001da7c442b341c13499704d1ea6158c3a04e
                                                                                                                                • Instruction Fuzzy Hash: 3D01F5326002106BE2047AF25C8AA7B2A5CCB82355F05453FF905B61C2E9BD8D10566A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004067FF() {
                                                                                                                                				int _t17;
                                                                                                                                				void* _t19;
                                                                                                                                				intOrPtr _t24;
                                                                                                                                				signed int _t27;
                                                                                                                                				intOrPtr _t32;
                                                                                                                                				int _t35;
                                                                                                                                				intOrPtr _t36;
                                                                                                                                				WCHAR* _t39;
                                                                                                                                				void* _t41;
                                                                                                                                
                                                                                                                                				_t27 = 3;
                                                                                                                                				_t17 =  *(_t41 + 0xc) / _t27;
                                                                                                                                				_t39 =  *(_t41 + 0x18);
                                                                                                                                				_t32 = 0;
                                                                                                                                				_t35 = _t17;
                                                                                                                                				_t24 = 0;
                                                                                                                                				 *((intOrPtr*)(_t41 + 0x10)) = 0;
                                                                                                                                				if( *((intOrPtr*)(_t41 + 0x24)) <= _t35) {
                                                                                                                                					_t36 =  *((intOrPtr*)(_t41 + 0x24));
                                                                                                                                				} else {
                                                                                                                                					_t36 = _t35 - 1;
                                                                                                                                					_t24 = 1;
                                                                                                                                					 *((intOrPtr*)(_t41 + 0x10)) = 1;
                                                                                                                                				}
                                                                                                                                				if(_t36 != 0) {
                                                                                                                                					do {
                                                                                                                                						_t19 = 0x20;
                                                                                                                                						_t20 =  ==  ? 0 : _t19;
                                                                                                                                						_t17 = wsprintfW(_t39, L"%02x%c",  *(_t32 +  *((intOrPtr*)(_t41 + 0x24))) & 0x000000ff,  ==  ? 0 : _t19);
                                                                                                                                						_t41 = _t41 + 0x10;
                                                                                                                                						_t39 =  &(_t39[3]);
                                                                                                                                						_t32 = _t32 + 1;
                                                                                                                                					} while (_t32 < _t36);
                                                                                                                                					_t24 =  *((intOrPtr*)(_t41 + 0x10));
                                                                                                                                				}
                                                                                                                                				if(_t24 != 0) {
                                                                                                                                					return lstrcatW( *(_t41 + 0xc), L"...");
                                                                                                                                				}
                                                                                                                                				return _t17;
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrcatwsprintf
                                                                                                                                • String ID: %02x%c$...$C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp
                                                                                                                                • API String ID: 3065427908-4061461960
                                                                                                                                • Opcode ID: b5ee27eff520bf93ec377c14ed57877014ddb2424d6ee4fefdfb538b8d015b19
                                                                                                                                • Instruction ID: 43a4aa95fb3374dba26901d5555126ea8bdf2d0b57aed63dd4993ee5f85748e1
                                                                                                                                • Opcode Fuzzy Hash: b5ee27eff520bf93ec377c14ed57877014ddb2424d6ee4fefdfb538b8d015b19
                                                                                                                                • Instruction Fuzzy Hash: 6801F532605311AFD310EF19AC80A2BBBE9EBC8714F02493EF55AA3182D3709D208695
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004058C9(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                				long _v8;
                                                                                                                                				signed char _v12;
                                                                                                                                				unsigned int _v16;
                                                                                                                                				void* _v20;
                                                                                                                                				intOrPtr _v24;
                                                                                                                                				long _v56;
                                                                                                                                				void* _v60;
                                                                                                                                				long _t18;
                                                                                                                                				unsigned int _t22;
                                                                                                                                				signed int _t28;
                                                                                                                                
                                                                                                                                				_t18 = SendMessageW(_a4, 0x110a, 9, 0);
                                                                                                                                				if(_a8 == 0) {
                                                                                                                                					L4:
                                                                                                                                					_v56 = _t18;
                                                                                                                                					_v60 = 4;
                                                                                                                                					SendMessageW(_a4, 0x113e, 0,  &_v60);
                                                                                                                                					return _v24;
                                                                                                                                				}
                                                                                                                                				_t22 = GetMessagePos();
                                                                                                                                				_v16 = _t22 >> 0x10;
                                                                                                                                				_v20 = _t22;
                                                                                                                                				ScreenToClient(_a4,  &_v20);
                                                                                                                                				_t28 = SendMessageW(_a4, 0x1111, 0,  &_v20);
                                                                                                                                				if((_v12 & 0x00000066) != 0) {
                                                                                                                                					_t18 = _v8;
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				return _t28 | 0xffffffff;
                                                                                                                                			}














                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004058E2
                                                                                                                                • GetMessagePos.USER32 ref: 004058EA
                                                                                                                                • ScreenToClient.USER32 ref: 00405904
                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00405918
                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00405940
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 41195575-0
                                                                                                                                • Opcode ID: 03631cc0df95dc05fdd053c6761a7105d0b2e4030efc51da6e2e131b0af6347e
                                                                                                                                • Instruction ID: b79e80576ae39c76f6271a61e5ba18d20391024c343806c757684077608744a1
                                                                                                                                • Opcode Fuzzy Hash: 03631cc0df95dc05fdd053c6761a7105d0b2e4030efc51da6e2e131b0af6347e
                                                                                                                                • Instruction Fuzzy Hash: F601697194020CBBDB009F94DC45BEEBBB8EB54320F10412AFA10BA1E0C7B59A408F54
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E00405744(signed int __ecx, signed int _a8, signed int _a12, unsigned int _a16) {
                                                                                                                                				int _v12;
                                                                                                                                				char _v80;
                                                                                                                                				char _v136;
                                                                                                                                				unsigned int _t24;
                                                                                                                                				void* _t27;
                                                                                                                                				void* _t33;
                                                                                                                                				void* _t35;
                                                                                                                                				signed int _t45;
                                                                                                                                				signed char _t50;
                                                                                                                                				signed int _t51;
                                                                                                                                				signed int _t57;
                                                                                                                                				signed int _t59;
                                                                                                                                				signed int _t60;
                                                                                                                                				signed int _t62;
                                                                                                                                				signed char _t65;
                                                                                                                                
                                                                                                                                				_t24 = _a16;
                                                                                                                                				_t45 = 0xffffffdc;
                                                                                                                                				if(_t24 == 0) {
                                                                                                                                					_t57 = _a12;
                                                                                                                                					asm("sbb ecx, ecx");
                                                                                                                                					_t60 = 0x14;
                                                                                                                                					asm("sbb eax, eax");
                                                                                                                                					_t27 = 0xffffffde;
                                                                                                                                					_t45 =  <  ? _t27 : _t45 +  ~0x100000;
                                                                                                                                					_t65 =  >=  ? (__ecx & 0xfffffff6) + _t60 : 0;
                                                                                                                                					if(_t57 < 0xffff3333) {
                                                                                                                                						asm("cdq");
                                                                                                                                						_t57 = _t57 + 1 / _t60;
                                                                                                                                					}
                                                                                                                                					_t50 = _t65;
                                                                                                                                					_t62 = _t57 >> _t50;
                                                                                                                                					_t51 = 0xa;
                                                                                                                                					_t59 = ((_t57 & 0x00ffffff) * 0xa >> _t50) % _t51;
                                                                                                                                				} else {
                                                                                                                                					_t62 = (_t24 << 0x00000020 | _a12) >> 0x14;
                                                                                                                                					_t59 = 0;
                                                                                                                                					_a12 = _t62;
                                                                                                                                					_a16 = _t24 >> 0x14;
                                                                                                                                				}
                                                                                                                                				E00406119(0x441d48, _a8);
                                                                                                                                				_t33 = E00406119( &_v136, 0xffffffdf);
                                                                                                                                				_t35 = E00406119( &_v80, _t45);
                                                                                                                                				wsprintfW( &(0x441d48[lstrlenW(0x441d48)]), L"%u.%u%s%s", _t62, _t59, _t35, _t33);
                                                                                                                                				return SetDlgItemTextW( *0x4761fc, _v12, 0x441d48);
                                                                                                                                			}


















                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(00441D48,%u.%u%s%s,?,00000000,00000000,?,000000DC,00000000,?,000000DF,00441D48,?,00000000,?,?,?), ref: 0040580E
                                                                                                                                • wsprintfW.USER32 ref: 0040581B
                                                                                                                                • SetDlgItemTextW.USER32 ref: 00405832
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                • Opcode ID: c4494e43ee8515ab7b441a2422fe989245ca97c24f7e4cae93ce22b09b8b6c6d
                                                                                                                                • Instruction ID: 23e36434f452340e71ea40ace0cdba6e9327a5307ac1784296282f1b10c29c32
                                                                                                                                • Opcode Fuzzy Hash: c4494e43ee8515ab7b441a2422fe989245ca97c24f7e4cae93ce22b09b8b6c6d
                                                                                                                                • Instruction Fuzzy Hash: F0216D736043186BD720A57D9C01FAF72CDDBC1364F11463EF86DE31E2E93898058665
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00407123(char _a4) {
                                                                                                                                				WCHAR* _t5;
                                                                                                                                				short* _t7;
                                                                                                                                				signed int _t10;
                                                                                                                                				WCHAR* _t11;
                                                                                                                                				WCHAR* _t12;
                                                                                                                                				void* _t13;
                                                                                                                                				void* _t14;
                                                                                                                                
                                                                                                                                				_t1 =  &_a4; // 0x406c47
                                                                                                                                				_t11 =  *_t1;
                                                                                                                                				_t12 = CharNextW(_t11);
                                                                                                                                				_t5 = CharNextW(_t12);
                                                                                                                                				_t10 =  *_t11 & 0x0000ffff;
                                                                                                                                				_t14 = 0x5c;
                                                                                                                                				if(_t10 == 0 ||  *_t12 != 0x3a || _t12[1] != _t14) {
                                                                                                                                					if(_t10 != _t14 || _t11[1] != _t14) {
                                                                                                                                						L10:
                                                                                                                                						return 0;
                                                                                                                                					} else {
                                                                                                                                						_t13 = 2;
                                                                                                                                						while(1) {
                                                                                                                                							_t13 = _t13 - 1;
                                                                                                                                							_t7 = E00406A3C(_t5, _t14);
                                                                                                                                							if( *_t7 == 0) {
                                                                                                                                								goto L10;
                                                                                                                                							}
                                                                                                                                							_t5 = _t7 + 2;
                                                                                                                                							if(_t13 != 0) {
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							return _t5;
                                                                                                                                						}
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					return CharNextW(_t5);
                                                                                                                                				}
                                                                                                                                			}










                                                                                                                                APIs
                                                                                                                                • CharNextW.USER32(Gl@,?,?,00000000,00465DC0,00406A8B,00465DC0,00465DC0,00000000,?,?,00406C47,?,00000000,74B5FAA0,?), ref: 00407132
                                                                                                                                • CharNextW.USER32(00000000), ref: 00407137
                                                                                                                                • CharNextW.USER32(00000000), ref: 00407151
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharNext
                                                                                                                                • String ID: Gl@
                                                                                                                                • API String ID: 3213498283-889202540
                                                                                                                                • Opcode ID: 04de2fc68a9adca6d79b5fe706ca0c54646ec091451e5747f08d6b7dae88444e
                                                                                                                                • Instruction ID: 9affcbee786c12e852286f8503f4b5de3ef1a750c5cf429dbee2f5d9f555770a
                                                                                                                                • Opcode Fuzzy Hash: 04de2fc68a9adca6d79b5fe706ca0c54646ec091451e5747f08d6b7dae88444e
                                                                                                                                • Instruction Fuzzy Hash: D9F0C272D08211A1CA3177699C95E7BA3BDDF56360B108027E5417B3C0A278AC90C1BB
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 84%
                                                                                                                                			E00401434(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                                                                                                				void* _v8;
                                                                                                                                				short _v532;
                                                                                                                                				void* _t20;
                                                                                                                                				signed int _t26;
                                                                                                                                				intOrPtr* _t28;
                                                                                                                                				signed int _t32;
                                                                                                                                				signed int _t34;
                                                                                                                                
                                                                                                                                				_t34 = _a12 & 0x00000300;
                                                                                                                                				_t32 = _a12 & 0x00000001;
                                                                                                                                				_t20 = E00406583(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8);
                                                                                                                                				if(_t20 == 0) {
                                                                                                                                					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
                                                                                                                                						__eflags = _t32;
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							RegCloseKey(_v8);
                                                                                                                                							return 0x3eb;
                                                                                                                                						}
                                                                                                                                						_t26 = E00401434(__eflags, _v8,  &_v532, _a12);
                                                                                                                                						__eflags = _t26;
                                                                                                                                						if(_t26 != 0) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					RegCloseKey(_v8);
                                                                                                                                					_t28 = E00406E4E(3);
                                                                                                                                					if(_t28 == 0) {
                                                                                                                                						return RegDeleteKeyW(_a4, _a8);
                                                                                                                                					}
                                                                                                                                					return  *_t28(_a4, _a8, _t34, 0);
                                                                                                                                				}
                                                                                                                                				return _t20;
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00401494
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004014A1
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004014C2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Close$Enum
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 464197530-0
                                                                                                                                • Opcode ID: 2027954a83ff4ce0a0990e1a5c5b6b3f7908b26ea82a5f530d2de7b34af8e332
                                                                                                                                • Instruction ID: d6d50bf36e7ca0809634c768f9b844c2ab9b62cc0fe19e88bf51ffc03b9a7788
                                                                                                                                • Opcode Fuzzy Hash: 2027954a83ff4ce0a0990e1a5c5b6b3f7908b26ea82a5f530d2de7b34af8e332
                                                                                                                                • Instruction Fuzzy Hash: B6113632900208BBDF129FA1CD05BAE7B7AEF18350F154476BD18B21B0D7759E20AB98
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 27%
                                                                                                                                			E00402277(void* _a24, void* _a32) {
                                                                                                                                				void* _v0;
                                                                                                                                				void* _v4;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __esi;
                                                                                                                                				void* _t9;
                                                                                                                                				void* _t19;
                                                                                                                                				WCHAR* _t20;
                                                                                                                                
                                                                                                                                				_t20 = E00403312(_t19);
                                                                                                                                				E00406AF2(L"Exec: command=\"%s\"", _t20);
                                                                                                                                				E00405F97(0xffffffeb, _t20);
                                                                                                                                				_t9 = E00406BE0(_t20);
                                                                                                                                				_push(_t20);
                                                                                                                                				if(_t9 == 0) {
                                                                                                                                					_push(L"Exec: failed createprocess (\"%s\")");
                                                                                                                                					E00406AF2();
                                                                                                                                				} else {
                                                                                                                                					_push(L"Exec: success (\"%s\")");
                                                                                                                                					__eax = E00406AF2();
                                                                                                                                					__eflags =  *(__esp + 0x38);
                                                                                                                                					_pop(__ecx);
                                                                                                                                					_pop(__ecx);
                                                                                                                                					if(__eflags != 0) {
                                                                                                                                						__eax = E004067BB(__ecx, __ebx);
                                                                                                                                						__eflags =  *(__esp + 0x2c);
                                                                                                                                						__ecx = __eax;
                                                                                                                                						if( *(__esp + 0x2c) < 0) {
                                                                                                                                							__eax =  *(__esp + 0x10);
                                                                                                                                							0 = 1;
                                                                                                                                							__eflags = __ecx;
                                                                                                                                							__eax =  !=  ? 1 :  *(__esp + 0x10);
                                                                                                                                							 *(__esp + 0x10) =  !=  ? 1 :  *(__esp + 0x10);
                                                                                                                                						} else {
                                                                                                                                							__eax = E00406A5B(__esi, __ecx);
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					_push(__ebx);
                                                                                                                                					__eax = CloseHandle();
                                                                                                                                					__eax =  *(__esp + 0x10);
                                                                                                                                				}
                                                                                                                                				 *0x47e2e8 =  *0x47e2e8 + 1;
                                                                                                                                				return 0;
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00406AF2: lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                  • Part of subcall function 00406AF2: wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                  • Part of subcall function 00405F97: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FC9
                                                                                                                                  • Part of subcall function 00405F97: lstrlenW.KERNEL32(?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?,00000000,?,?), ref: 00405FDB
                                                                                                                                  • Part of subcall function 00405F97: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,?), ref: 00405FF6
                                                                                                                                  • Part of subcall function 00405F97: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\), ref: 0040600E
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?), ref: 00406035
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?,0000104D,00000000,?), ref: 00406050
                                                                                                                                  • Part of subcall function 00405F97: SendMessageW.USER32(?,00001013,00000000,00000000), ref: 0040605D
                                                                                                                                  • Part of subcall function 00406BE0: CreateProcessW.KERNEL32 ref: 00406C09
                                                                                                                                  • Part of subcall function 00406BE0: CloseHandle.KERNEL32(?), ref: 00406C16
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,Exec: success ("%s"),00000000,00000000,000000EB,00000000), ref: 004022DD
                                                                                                                                  • Part of subcall function 004067BB: WaitForSingleObject.KERNEL32(?,00000064,00000000,?,00000000,0040225D,?,?), ref: 004067C5
                                                                                                                                  • Part of subcall function 004067BB: GetExitCodeProcess.KERNEL32 ref: 004067EF
                                                                                                                                  • Part of subcall function 00406A5B: wsprintfW.USER32 ref: 00406A68
                                                                                                                                Strings
                                                                                                                                • Exec: success ("%s"), xrefs: 004022A1
                                                                                                                                • Exec: failed createprocess ("%s"), xrefs: 004022E8
                                                                                                                                • Exec: command="%s", xrefs: 00402280
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintfwvsprintf
                                                                                                                                • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                • API String ID: 4010025918-3433828417
                                                                                                                                • Opcode ID: 5b9d691529bf53f1ea66ae78d2479e34a156aff0885f785fd180b2e98c3249c6
                                                                                                                                • Instruction ID: 5bb194b71ebf3ab7884cb6793ad909a2850df49acd5f9116709db62ec054d706
                                                                                                                                • Opcode Fuzzy Hash: 5b9d691529bf53f1ea66ae78d2479e34a156aff0885f785fd180b2e98c3249c6
                                                                                                                                • Instruction Fuzzy Hash: 270184713083415BE604B7B69C46A2B37D8DBC1729F20853FF442B51D2DABC8D459A6E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00403673(intOrPtr _a4) {
                                                                                                                                				long _t2;
                                                                                                                                				struct HWND__* _t3;
                                                                                                                                				struct HWND__* _t6;
                                                                                                                                
                                                                                                                                				if(_a4 == 0) {
                                                                                                                                					if( *0x420170 == 0) {
                                                                                                                                						_t2 = GetTickCount();
                                                                                                                                						if(_t2 >  *0x47e220) {
                                                                                                                                							_t3 = CreateDialogParamW( *0x476218, 0x6f, 0, E0040393B, 0);
                                                                                                                                							 *0x420170 = _t3;
                                                                                                                                							return ShowWindow(_t3, 5);
                                                                                                                                						}
                                                                                                                                						return _t2;
                                                                                                                                					} else {
                                                                                                                                						return E004064B0(0);
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					_t6 =  *0x420170; // 0x0
                                                                                                                                					if(_t6 != 0) {
                                                                                                                                						_t6 = DestroyWindow(_t6);
                                                                                                                                					}
                                                                                                                                					 *0x420170 =  *0x420170 & 0x00000000;
                                                                                                                                					return _t6;
                                                                                                                                				}
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • DestroyWindow.USER32(00000000,00403865), ref: 00403684
                                                                                                                                • GetTickCount.KERNEL32 ref: 004036A3
                                                                                                                                • CreateDialogParamW.USER32 ref: 004036C2
                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 004036D0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                • Opcode ID: b74200fcbce38d17a7c7a0a85f977948c4b37dd7448c2c72e745980801d78bce
                                                                                                                                • Instruction ID: b65ebc3d98d3834dce0193bee3196051d87bc8d3825354f9f124fb33c2dc9f21
                                                                                                                                • Opcode Fuzzy Hash: b74200fcbce38d17a7c7a0a85f977948c4b37dd7448c2c72e745980801d78bce
                                                                                                                                • Instruction Fuzzy Hash: 32F0D430640300FBDB219F60ED0DB263AA8B704B06F904DB9E101B52F2DBBA9952CA1C
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E00405AF3(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                				int _t11;
                                                                                                                                				int _t16;
                                                                                                                                				long _t17;
                                                                                                                                
                                                                                                                                				_t16 = _a8;
                                                                                                                                				if(_t16 != 0x102) {
                                                                                                                                					__eflags = _t16 - 0x200;
                                                                                                                                					if(_t16 != 0x200) {
                                                                                                                                						_t17 = _a16;
                                                                                                                                						L8:
                                                                                                                                						__eflags = _t16 - 0x419;
                                                                                                                                						if(_t16 == 0x419) {
                                                                                                                                							__eflags =  *0x459d68 - _t17; // 0x0
                                                                                                                                							if(__eflags != 0) {
                                                                                                                                								_push(_t17);
                                                                                                                                								_push(6);
                                                                                                                                								 *0x459d68 = _t17;
                                                                                                                                								E0040569A();
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						L11:
                                                                                                                                						return CallWindowProcW( *0x451d64, _a4, _t16, _a12, _t17);
                                                                                                                                					}
                                                                                                                                					_t11 = IsWindowVisible(_a4);
                                                                                                                                					__eflags = _t11;
                                                                                                                                					if(_t11 == 0) {
                                                                                                                                						L6:
                                                                                                                                						_t17 = _a16;
                                                                                                                                						goto L11;
                                                                                                                                					}
                                                                                                                                					_t17 = E004058C9(_a4, 1);
                                                                                                                                					_t16 = 0x419;
                                                                                                                                					goto L8;
                                                                                                                                				}
                                                                                                                                				if(_a12 == 0x20) {
                                                                                                                                					E004056CC(0x413);
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                				goto L6;
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • IsWindowVisible.USER32(?), ref: 00405B28
                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405B72
                                                                                                                                  • Part of subcall function 004056CC: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004056DE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                • Opcode ID: 46167e9009a0409b4e747a20d96a9b95b2253c07b144f8f9067a066ab572d1e7
                                                                                                                                • Instruction ID: 4b40906d666eb4fb93081fa93511f5c3ce3e67fc117c2fa3ed6ae840272a3a5c
                                                                                                                                • Opcode Fuzzy Hash: 46167e9009a0409b4e747a20d96a9b95b2253c07b144f8f9067a066ab572d1e7
                                                                                                                                • Instruction Fuzzy Hash: BC014032600709ABDF305E51DC449AB7B36EB40761F144436F604761A1C779BC51DE9D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E00406EE1(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, short* _a12, char* _a16, int _a20) {
                                                                                                                                				void* _v8;
                                                                                                                                				int _v12;
                                                                                                                                				void* _t20;
                                                                                                                                				char _t21;
                                                                                                                                				long _t24;
                                                                                                                                				char* _t28;
                                                                                                                                
                                                                                                                                				_v12 = 0x4000;
                                                                                                                                				asm("sbb eax, eax");
                                                                                                                                				_t20 = E00406583(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_v8);
                                                                                                                                				_t28 = _a16;
                                                                                                                                				if(_t20 != 0) {
                                                                                                                                					L4:
                                                                                                                                					_t21 = 0;
                                                                                                                                					 *_t28 = 0;
                                                                                                                                				} else {
                                                                                                                                					_t24 = RegQueryValueExW(_v8, _a12, 0,  &_a20, _t28,  &_v12);
                                                                                                                                					RegCloseKey(_v8);
                                                                                                                                					_t21 = 0;
                                                                                                                                					_t28[0x3ffe] = 0;
                                                                                                                                					if(_t24 != 0 || _a20 != 1 && _a20 != 2) {
                                                                                                                                						goto L4;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return _t21;
                                                                                                                                			}










                                                                                                                                APIs
                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,00004000,00000000,00004000,?,?,?,Delete on reboot: ,?,?,?,0040624C), ref: 00406F28
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00406F33
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                • String ID: Delete on reboot:
                                                                                                                                • API String ID: 3356406503-2410499825
                                                                                                                                • Opcode ID: d58245cf8aa346659dc1525a190060b27a20d436a604a7c793bd852ddd8d0c80
                                                                                                                                • Instruction ID: e260761c86b6edb2547cca4aafecc10fbcf9d5178f3f92ced46a756ca1de9d68
                                                                                                                                • Opcode Fuzzy Hash: d58245cf8aa346659dc1525a190060b27a20d436a604a7c793bd852ddd8d0c80
                                                                                                                                • Instruction Fuzzy Hash: 13014C7651011ABADF219FA8EC06AEB7BBDEF54344F100126FD05E2260E274DE64D798
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00406AF2(WCHAR* _a4, char _a8) {
                                                                                                                                
                                                                                                                                				 *0x46d1c0 = 0;
                                                                                                                                				wvsprintfW(0x46d1c0 + lstrlenW("RMDir: RemoveDirectory on Reboot("C:\Users\hardz\AppData\Local\Temp\nsh4B0C.tmp\")") * 2, _a4,  &_a8);
                                                                                                                                				return E00406B24(0);
                                                                                                                                			}



                                                                                                                                0x00406af9
                                                                                                                                0x00406b16
                                                                                                                                0x00406b23

                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"),00406DF0,RMDir: RemoveDirectory("%s"),?,?,?), ref: 00406AFF
                                                                                                                                • wvsprintfW.USER32(00000000,?,?), ref: 00406B16
                                                                                                                                  • Part of subcall function 00406B24: CloseHandle.KERNEL32(FFFFFFFF,00406B23,00000000), ref: 00406B36
                                                                                                                                Strings
                                                                                                                                • RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\"), xrefs: 00406AF4, 00406AF9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                • String ID: RMDir: RemoveDirectory on Reboot("C:\Users\user\AppData\Local\Temp\nsh4B0C.tmp\")
                                                                                                                                • API String ID: 3509786178-2623622231
                                                                                                                                • Opcode ID: 2e3f3a3640ccc44a1c92432f6f4f86147bbd8bfc86715692fbebdd0bd507b19e
                                                                                                                                • Instruction ID: 3524b02d58b80402969f890320ae1d729c174b09eb8b96f7f3711b90bb716017
                                                                                                                                • Opcode Fuzzy Hash: 2e3f3a3640ccc44a1c92432f6f4f86147bbd8bfc86715692fbebdd0bd507b19e
                                                                                                                                • Instruction Fuzzy Hash: 10D09EF4E14207AADB045BA1DD59A9A3BA4FB45349F400429F105960B1E6B99414C71E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E00405A4C() {
                                                                                                                                
                                                                                                                                				return lstrcatW(E0040699C(E0040708C("C:\Users\hardz\AppData\Local\Programs\SideQuest\install.log", 0x4d3000)), L"install.log");
                                                                                                                                			}




                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 0040708C: lstrcpynW.KERNEL32(?,?,00002000,00403ABD,00476220,NSIS Error), ref: 00407099
                                                                                                                                  • Part of subcall function 0040699C: lstrlenW.KERNEL32(?,004E3000,00403EBE,004E3000,004E3000,004E3000,74B5FAA0,00403BCB), ref: 004069A2
                                                                                                                                  • Part of subcall function 0040699C: CharPrevW.USER32(?,00000000), ref: 004069AD
                                                                                                                                  • Part of subcall function 0040699C: lstrcatW.KERNEL32(?,00409AAC), ref: 004069BF
                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 00405A67
                                                                                                                                Strings
                                                                                                                                • install.log, xrefs: 00405A4C
                                                                                                                                • C:\Users\user\AppData\Local\Programs\SideQuest\install.log, xrefs: 00405A56
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrcat$CharPrevlstrcpynlstrlen
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Programs\SideQuest\install.log$install.log
                                                                                                                                • API String ID: 2126114531-2747453304
                                                                                                                                • Opcode ID: 82170f4a1d5d4f2096b1ca439a1767d36a24c34760ace6632d283d0c7f7ffed7
                                                                                                                                • Instruction ID: d869f1d07da27843b61e1d4d48d6d39523420f40dc417a488b6b792b0656276a
                                                                                                                                • Opcode Fuzzy Hash: 82170f4a1d5d4f2096b1ca439a1767d36a24c34760ace6632d283d0c7f7ffed7
                                                                                                                                • Instruction Fuzzy Hash: AAB09280A8434060D95037B60C47F0B08190800B0C3F1566B3881B20C348BD7114003F
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E004070A8(CHAR* _a4, char _a7, CHAR* _a8) {
                                                                                                                                				int _t9;
                                                                                                                                				int _t12;
                                                                                                                                				int _t18;
                                                                                                                                				CHAR* _t19;
                                                                                                                                
                                                                                                                                				_t9 = lstrlenA(_a8);
                                                                                                                                				_t19 = _a4;
                                                                                                                                				_t18 = _t9;
                                                                                                                                				while(lstrlenA(_t19) >= _t18) {
                                                                                                                                					_a7 = _t19[_t18];
                                                                                                                                					_t19[_t18] = 0;
                                                                                                                                					_t12 = lstrcmpiA(_t19, _a8);
                                                                                                                                					_t19[_t18] = _a7;
                                                                                                                                					if(_t12 == 0) {
                                                                                                                                						return _t19;
                                                                                                                                					}
                                                                                                                                					_t19 = CharNextA(_t19);
                                                                                                                                				}
                                                                                                                                				return 0;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,00000000,004066A0,00000000,[Rename],00000000,00000000,00000000), ref: 004070B7
                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 004070CE
                                                                                                                                • CharNextA.USER32(?), ref: 004070DF
                                                                                                                                • lstrlenA.KERNEL32(?), ref: 004070E8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000010.00000002.454047838.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_16_2_400000_SideQuest-Setup-0.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 190613189-0
                                                                                                                                • Opcode ID: 101625ab4b01b81a2f65bab5472763f70b3b2fe69804ca13cfa23d1d51c713e6
                                                                                                                                • Instruction ID: ecc0bab28d39fd33cd5361d41a26a39b08cd8fe1b8c0cd0bb1d18f293cb15058
                                                                                                                                • Opcode Fuzzy Hash: 101625ab4b01b81a2f65bab5472763f70b3b2fe69804ca13cfa23d1d51c713e6
                                                                                                                                • Instruction Fuzzy Hash: E3F0593A209451BFC7014F299C449AEBF58EF5A220B148133FC88E3302D631E901D7BA
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:1.3%
                                                                                                                                Dynamic/Decrypted Code Coverage:2.8%
                                                                                                                                Signature Coverage:0.6%
                                                                                                                                Total number of Nodes:1880
                                                                                                                                Total number of Limit Nodes:27

                                                                                                                                Graph

19483->19484 19485 7098c6fd InterlockedIncrement 19484->19485 19486 7098c70d InterlockedIncrement 19484->19486 19487 7098c718 InterlockedIncrement 19484->19487 19485->19484 19486->19484 19487->19472 19491 7098d96e LeaveCriticalSection 19488->19491 19490 70989f10 19490->19474 19491->19490 19492 70435edb 19495 70435e63 TlsGetValue 19492->19495 19496 70435e7b 19495->19496 19497 70435e9c GetModuleHandleW 19495->19497 19496->19497 19500 70435e85 TlsGetValue 19496->19500 19498 70435eb8 GetProcAddress 19497->19498 19499 70435ead GetModuleHandleW 19497->19499 19502 70435e94 19498->19502 19499->19498 19501 70435ed0 19499->19501 19503 70435e90 19500->19503 19502->19501 19504 70435ec8 RtlEncodePointer 19502->19504 19503->19497 19503->19502 19504->19501 19505 70987630 19506 70987731 19505->19506 19507 70987653 GetVersionExA 19505->19507 19508 7098776c 19506->19508 19509 70987737 19506->19509 19510 70987675 19507->19510 19540 7098766e 19507->19540 19511 709877bd 19508->19511 19512 70987771 19508->19512 19514 70987756 19509->19514 19509->19540 19696 70989c72 19509->19696 19557 7098ab3f HeapCreate 19510->19557 19516 709877c2 19511->19516 19511->19540 19517 70989dd9 ___set_flsgetvalue 8 API calls 19512->19517 19520 7098775b 19514->19520 19514->19540 19515 70987fb3 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 19519 709877d8 19515->19519 19699 7098a107 19516->19699 19522 70987776 19517->19522 19525 7098a538 68 API calls 19520->19525 19523 70989222 __crtGetStringTypeA_stat 67 API calls 19522->19523 19526 70987782 19523->19526 19524 709876c7 19524->19540 19567 7098a17a GetModuleHandleW 19524->19567 19528 70987760 19525->19528 19529 7098778e 19526->19529 19526->19540 19531 70989e08 __mtterm 70 API calls 19528->19531 19532 70989d53 __amsg_exit 6 API calls 19529->19532 19535 70987765 19531->19535 19536 709877a0 19532->19536 19533 709876dc GetCommandLineA 19601 7098a9a1 19533->19601 19534 709876d5 19674 7098aba4 19534->19674 19538 7098aba4 __heap_term 4 API calls 19535->19538 
19543 709877b1 19536->19543 19544 709877a7 19536->19544 19538->19540 19540->19515 19547 70988ab7 ___freetlocinfo 67 API calls 19543->19547 19546 70989e4a __getptd 67 API calls 19544->19546 19545 709876f6 19548 709876fa 19545->19548 19644 7098a8ad 19545->19644 19546->19540 19547->19540 19680 70989e08 19548->19680 19552 7098771a 19552->19540 19691 7098a538 19552->19691 19558 7098ab63 19557->19558 19559 7098ab67 19557->19559 19558->19524 19710 7098aadd 19559->19710 19562 7098ab9a 19562->19524 19563 7098ab76 19719 7098da8a HeapAlloc 19563->19719 19566 7098ab85 HeapDestroy 19566->19558 19568 7098a192 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 19567->19568 19570 7098a1cc TlsAlloc 19567->19570 19568->19570 19571 709876d1 19570->19571 19572 7098a226 TlsSetValue 19570->19572 19571->19533 19571->19534 19572->19571 19573 7098a233 19572->19573 19721 70989c86 19573->19721 19576 70989ccd __initp_misc_cfltcvt_tab 6 API calls 19577 7098a243 19576->19577 19578 70989ccd __initp_misc_cfltcvt_tab 6 API calls 19577->19578 19579 7098a253 19578->19579 19580 70989ccd __initp_misc_cfltcvt_tab 6 API calls 19579->19580 19581 7098a263 19580->19581 19582 70989ccd __initp_misc_cfltcvt_tab 6 API calls 19581->19582 19583 7098a273 19582->19583 19729 7098d8bc 19583->19729 19586 7098a284 19587 70989e08 __mtterm 70 API calls 19586->19587 19587->19571 19588 70989d53 __amsg_exit 6 API calls 19589 7098a29f 19588->19589 19589->19586 19590 7098a2ac 19589->19590 19591 7098ef9d __calloc_crt 67 API calls 19590->19591 19592 7098a2b8 19591->19592 19592->19586 19593 70989d53 __amsg_exit 6 API calls 19592->19593 19594 7098a2d2 19593->19594 19595 7098a2d9 19594->19595 19596 7098a2e2 19594->19596 19597 70988ab7 ___freetlocinfo 67 API calls 19595->19597 19598 70989e4a __getptd 67 API calls 19596->19598 19599 7098a2df 19597->19599 19600 7098a2e9 19598->19600 19599->19586 19600->19571 19602 7098a9de 19601->19602 19603 7098a9bf GetEnvironmentStringsW 19601->19603 19605 7098a9c7 19602->19605 19607 
7098aa77 19602->19607 19604 7098a9d3 GetLastError 19603->19604 19603->19605 19604->19602 19606 7098a9fa GetEnvironmentStringsW 19605->19606 19612 7098aa09 19605->19612 19609 709876ec 19606->19609 19606->19612 19608 7098aa80 GetEnvironmentStrings 19607->19608 19607->19609 19608->19609 19610 7098aa90 19608->19610 19627 7098a2f9 19609->19627 19616 70988b9e _malloc 67 API calls 19610->19616 19611 7098aa1e WideCharToMultiByte 19613 7098aa6c FreeEnvironmentStringsW 19611->19613 19614 7098aa3d 19611->19614 19612->19611 19612->19612 19613->19609 19617 70988b9e _malloc 67 API calls 19614->19617 19618 7098aaaa 19616->19618 19619 7098aa43 19617->19619 19620 7098aabd _realloc 19618->19620 19621 7098aab1 FreeEnvironmentStringsA 19618->19621 19619->19613 19622 7098aa4b WideCharToMultiByte 19619->19622 19625 7098aac7 FreeEnvironmentStringsA 19620->19625 19621->19609 19623 7098aa65 19622->19623 19624 7098aa5d 19622->19624 19623->19613 19626 70988ab7 ___freetlocinfo 67 API calls 19624->19626 19625->19609 19626->19623 19739 70988d28 19627->19739 19629 7098a305 GetStartupInfoA 19630 70989222 __crtGetStringTypeA_stat 67 API calls 19629->19630 19636 7098a326 19630->19636 19631 7098a52a __lseeki64 19631->19545 19632 7098a4a6 GetStdHandle 19638 7098a470 19632->19638 19633 7098a50c SetHandleCount 19633->19631 19634 70989222 __crtGetStringTypeA_stat 67 API calls 19634->19636 19635 7098a4b8 GetFileType 19635->19638 19636->19631 19636->19634 19637 7098a3f2 19636->19637 19636->19638 19637->19638 19640 7098a41b GetFileType 19637->19640 19641 7098a426 19637->19641 19638->19632 19638->19633 19638->19635 19642 7098a4cf 19638->19642 19639 7098eeab __mtinitlocknum 67 API calls 19639->19642 19640->19637 19640->19641 19641->19631 19641->19637 19643 7098eeab __mtinitlocknum 67 API calls 19641->19643 19642->19631 19642->19638 19642->19639 19643->19641 19645 7098a8c8 19644->19645 19646 7098a8cd GetModuleFileNameA 19644->19646 19746 7098c52b 19645->19746 19648 7098a8f4 19646->19648 19740 7098a6c6 
19648->19740 19650 70987706 19650->19552 19657 7098a58b 19650->19657 19651 7098a90f 19651->19650 19652 7098a95b 19651->19652 19653 70988b9e _malloc 67 API calls 19652->19653 19654 7098a963 19653->19654 19654->19650 19655 7098a6c6 77 API calls 19654->19655 19656 7098a97e 19655->19656 19656->19650 19658 7098a59e 19657->19658 19662 7098a5a3 19657->19662 19659 7098c52b ___initmbctable 110 API calls 19658->19659 19659->19662 19660 70989222 __crtGetStringTypeA_stat 67 API calls 19665 7098a5ec 19660->19665 19661 7098770f 19661->19552 19668 70989af7 19661->19668 19662->19660 19662->19661 19663 7098a66a 19664 70988ab7 ___freetlocinfo 67 API calls 19663->19664 19664->19661 19665->19661 19665->19663 19666 7098ebb0 _strcpy_s 67 API calls 19665->19666 19667 7098c94b __mtinitlocknum 5 API calls 19665->19667 19666->19665 19667->19665 19669 70989b05 __except_handler4 19668->19669 20279 7098ec1d 19669->20279 19672 70989d45 _raise 6 API calls 19673 70989b28 __initterm_e __except_handler4 __initterm 19672->19673 19673->19552 19675 7098abad 19674->19675 19676 7098ac04 HeapDestroy 19674->19676 19677 7098abf2 HeapFree 19675->19677 19678 7098abc9 VirtualFree HeapFree 19675->19678 19676->19540 19677->19676 19678->19678 19679 7098abf1 19678->19679 19679->19677 19681 70989e12 19680->19681 19684 70989e1e 19680->19684 19682 70989d53 __amsg_exit 6 API calls 19681->19682 19682->19684 19683 70989e32 TlsFree 19688 70989e40 19683->19688 19684->19683 19684->19688 19685 7098d946 19689 7098d958 DeleteCriticalSection 19685->19689 19690 7098d966 19685->19690 19686 7098d92e DeleteCriticalSection 19687 70988ab7 ___freetlocinfo 67 API calls 19686->19687 19687->19688 19688->19685 19688->19686 19689->19685 19690->19534 19692 7098a541 19691->19692 19693 7098a583 19692->19693 19694 7098a555 DeleteCriticalSection 19692->19694 19695 70988ab7 ___freetlocinfo 67 API calls 19692->19695 19693->19548 19694->19692 19695->19692 20283 70989b84 19696->20283 19698 70989c7d 19698->19514 19700 7098a160 19699->19700 19701 
7098a115 19699->19701 19704 7098a16a TlsSetValue 19700->19704 19705 7098a173 19700->19705 19702 7098a11b TlsGetValue 19701->19702 19703 7098a13e 19701->19703 19702->19703 19706 7098a12e TlsGetValue 19702->19706 19707 70989d53 __amsg_exit 6 API calls 19703->19707 19704->19705 19705->19540 19706->19703 19708 7098a155 19707->19708 20303 70989fb7 19708->20303 19711 70989a70 __get_wpgmptr 67 API calls 19710->19711 19712 7098aaf6 19711->19712 19713 7098c94b __mtinitlocknum 5 API calls 19712->19713 19715 7098ab05 19712->19715 19713->19715 19714 70989ab1 __get_amblksiz 67 API calls 19716 7098ab11 19714->19716 19715->19714 19717 7098ab20 19716->19717 19718 7098c94b __mtinitlocknum 5 API calls 19716->19718 19717->19562 19717->19563 19718->19717 19720 7098ab80 19719->19720 19720->19562 19720->19566 19722 70989d45 _raise 6 API calls 19721->19722 19723 70989c8e __initp_misc_winsig 19722->19723 19724 70989ca8 ?LastReferenceReleased@AdbObjectHandle@ 19723->19724 19733 7098ad46 19724->19733 19727 70989ccd __initp_misc_cfltcvt_tab 6 API calls 19728 70989cbe 19727->19728 19728->19576 19730 7098d8c7 19729->19730 19731 7098a280 19730->19731 19736 7098ef84 19730->19736 19731->19586 19731->19588 19734 70989ccd __initp_misc_cfltcvt_tab 6 API calls 19733->19734 19735 70989cb4 19734->19735 19735->19727 19737 7098eeab __mtinitlocknum 67 API calls 19736->19737 19738 7098ef94 19737->19738 19738->19730 19739->19629 19743 7098a6ed 19740->19743 19742 7098a771 19744 7098a891 19742->19744 19745 7098f046 77 API calls 19742->19745 19743->19742 19750 7098f046 19743->19750 19744->19651 19745->19742 19747 7098c534 19746->19747 19748 7098c53b 19746->19748 20074 7098c38c 19747->20074 19748->19646 19753 7098efee 19750->19753 19756 709887da 19753->19756 19757 709887ed 19756->19757 19760 70988846 19756->19760 19758 70989f17 __getptd 67 API calls 19757->19758 19759 709887f2 19758->19759 19759->19760 19762 70988822 19759->19762 19764 7098c811 19759->19764 19760->19743 19762->19760 19779 7098c09f 19762->19779 
19765 7098c81d __lseeki64 19764->19765 19795 70989f98 19765->19795 19768 7098c839 19770 7098da52 __lock 67 API calls 19768->19770 19769 7098c870 19771 70989f98 __getptd 67 API calls 19769->19771 19772 7098c840 19770->19772 19774 7098c862 19771->19774 19800 7098c7ce 19772->19800 19776 7098c883 __lseeki64 19774->19776 19777 709899b7 __amsg_exit 67 API calls 19774->19777 19776->19762 19777->19776 19780 7098c0ab __lseeki64 19779->19780 19781 70989f98 __getptd 67 API calls 19780->19781 19782 7098c0b0 19781->19782 19783 7098c123 19782->19783 19784 7098da52 __lock 67 API calls 19782->19784 19785 7098c141 __lseeki64 19783->19785 19787 709899b7 __amsg_exit 67 API calls 19783->19787 19786 7098c0ce 19784->19786 19785->19760 19788 7098c117 19786->19788 19789 7098c0ff InterlockedIncrement 19786->19789 19790 7098c0e5 InterlockedDecrement 19786->19790 19787->19785 20070 7098c128 19788->20070 19789->19788 19790->19789 19792 7098c0f0 19790->19792 19792->19789 19793 70988ab7 ___freetlocinfo 67 API calls 19792->19793 19794 7098c0fe 19793->19794 19794->19789 19796 70989f17 __getptd 67 API calls 19795->19796 19797 70989fa0 19796->19797 19798 70989fad 19797->19798 19799 709899b7 __amsg_exit 67 API calls 19797->19799 19798->19768 19798->19769 19799->19798 19801 7098c7d2 19800->19801 19807 7098c804 19800->19807 19802 7098c69c ___addlocaleref 8 API calls 19801->19802 19801->19807 19803 7098c7e5 19802->19803 19803->19807 19811 7098c730 19803->19811 19808 7098c867 19807->19808 20069 7098d96e LeaveCriticalSection 19808->20069 19810 7098c86e 19810->19774 19812 7098c741 InterlockedDecrement 19811->19812 19813 7098c7c4 19811->19813 19814 7098c759 19812->19814 19815 7098c756 InterlockedDecrement 19812->19815 19813->19807 19825 7098c54e 19813->19825 19816 7098c763 InterlockedDecrement 19814->19816 19817 7098c766 19814->19817 19815->19814 19816->19817 19818 7098c770 InterlockedDecrement 19817->19818 19819 7098c773 19817->19819 19818->19819 19820 7098c77d InterlockedDecrement 19819->19820 19822 
7098c780 19819->19822 19820->19822 19821 7098c799 InterlockedDecrement 19821->19822 19822->19821 19823 7098c7a9 InterlockedDecrement 19822->19823 19824 7098c7b4 InterlockedDecrement 19822->19824 19823->19822 19824->19813 19826 7098c5d2 19825->19826 19832 7098c565 19825->19832 19827 70988ab7 ___freetlocinfo 67 API calls 19826->19827 19828 7098c61f 19826->19828 19829 7098c5f3 19827->19829 19844 7098c646 19828->19844 19895 7098fa1e 19828->19895 19831 70988ab7 ___freetlocinfo 67 API calls 19829->19831 19834 7098c606 19831->19834 19832->19826 19837 70988ab7 ___freetlocinfo 67 API calls 19832->19837 19851 7098c599 19832->19851 19839 70988ab7 ___freetlocinfo 67 API calls 19834->19839 19835 70988ab7 ___freetlocinfo 67 API calls 19841 7098c5c7 19835->19841 19836 7098c68b 19842 70988ab7 ___freetlocinfo 67 API calls 19836->19842 19843 7098c58e 19837->19843 19838 70988ab7 ___freetlocinfo 67 API calls 19838->19844 19847 7098c614 19839->19847 19840 70988ab7 ___freetlocinfo 67 API calls 19848 7098c5af 19840->19848 19850 70988ab7 ___freetlocinfo 67 API calls 19841->19850 19845 7098c691 19842->19845 19855 7098fe08 19843->19855 19844->19836 19849 70988ab7 67 API calls ___freetlocinfo 19844->19849 19845->19807 19852 70988ab7 ___freetlocinfo 67 API calls 19847->19852 19883 7098fd9a 19848->19883 19849->19844 19850->19826 19851->19840 19854 7098c5ba 19851->19854 19852->19828 19854->19835 19856 7098fe19 19855->19856 19882 7098ff02 19855->19882 19857 7098fe2a 19856->19857 19859 70988ab7 ___freetlocinfo 67 API calls 19856->19859 19858 7098fe3c 19857->19858 19860 70988ab7 ___freetlocinfo 67 API calls 19857->19860 19861 7098fe4e 19858->19861 19862 70988ab7 ___freetlocinfo 67 API calls 19858->19862 19859->19857 19860->19858 19863 7098fe60 19861->19863 19864 70988ab7 ___freetlocinfo 67 API calls 19861->19864 19862->19861 19865 7098fe72 19863->19865 19866 70988ab7 ___freetlocinfo 67 API calls 19863->19866 19864->19863 19867 70988ab7 ___freetlocinfo 67 API calls 19865->19867 19868 7098fe84 
19865->19868 19866->19865 19867->19868 19869 70988ab7 ___freetlocinfo 67 API calls 19868->19869 19871 7098fe96 19868->19871 19869->19871 19870 7098fea8 19873 7098feba 19870->19873 19875 70988ab7 ___freetlocinfo 67 API calls 19870->19875 19871->19870 19872 70988ab7 ___freetlocinfo 67 API calls 19871->19872 19872->19870 19874 7098fecc 19873->19874 19876 70988ab7 ___freetlocinfo 67 API calls 19873->19876 19877 7098fede 19874->19877 19878 70988ab7 ___freetlocinfo 67 API calls 19874->19878 19875->19873 19876->19874 19879 7098fef0 19877->19879 19880 70988ab7 ___freetlocinfo 67 API calls 19877->19880 19878->19877 19881 70988ab7 ___freetlocinfo 67 API calls 19879->19881 19879->19882 19880->19879 19881->19882 19882->19851 19884 7098fda7 19883->19884 19894 7098fdff 19883->19894 19885 7098fdb7 19884->19885 19886 70988ab7 ___freetlocinfo 67 API calls 19884->19886 19887 70988ab7 ___freetlocinfo 67 API calls 19885->19887 19888 7098fdc9 19885->19888 19886->19885 19887->19888 19889 70988ab7 ___freetlocinfo 67 API calls 19888->19889 19891 7098fddb 19888->19891 19889->19891 19890 7098fded 19893 70988ab7 ___freetlocinfo 67 API calls 19890->19893 19890->19894 19891->19890 19892 70988ab7 ___freetlocinfo 67 API calls 19891->19892 19892->19890 19893->19894 19894->19854 19896 7098fa2f 19895->19896 20068 7098c63f 19895->20068 19897 70988ab7 ___freetlocinfo 67 API calls 19896->19897 19898 7098fa37 19897->19898 19899 70988ab7 ___freetlocinfo 67 API calls 19898->19899 19900 7098fa3f 19899->19900 19901 70988ab7 ___freetlocinfo 67 API calls 19900->19901 19902 7098fa47 19901->19902 19903 70988ab7 ___freetlocinfo 67 API calls 19902->19903 19904 7098fa4f 19903->19904 19905 70988ab7 ___freetlocinfo 67 API calls 19904->19905 19906 7098fa57 19905->19906 19907 70988ab7 ___freetlocinfo 67 API calls 19906->19907 19908 7098fa5f 19907->19908 19909 70988ab7 ___freetlocinfo 67 API calls 19908->19909 19910 7098fa66 19909->19910 19911 70988ab7 ___freetlocinfo 67 API calls 19910->19911 19912 7098fa6e 
19911->19912 19913 70988ab7 ___freetlocinfo 67 API calls 19912->19913 19914 7098fa76 19913->19914 19915 70988ab7 ___freetlocinfo 67 API calls 19914->19915 19916 7098fa7e 19915->19916 19917 70988ab7 ___freetlocinfo 67 API calls 19916->19917 19918 7098fa86 19917->19918 19919 70988ab7 ___freetlocinfo 67 API calls 19918->19919 19920 7098fa8e 19919->19920 19921 70988ab7 ___freetlocinfo 67 API calls 19920->19921 19922 7098fa96 19921->19922 19923 70988ab7 ___freetlocinfo 67 API calls 19922->19923 19924 7098fa9e 19923->19924 19925 70988ab7 ___freetlocinfo 67 API calls 19924->19925 19926 7098faa6 19925->19926 19927 70988ab7 ___freetlocinfo 67 API calls 19926->19927 19928 7098faae 19927->19928 19929 70988ab7 ___freetlocinfo 67 API calls 19928->19929 19930 7098fab9 19929->19930 19931 70988ab7 ___freetlocinfo 67 API calls 19930->19931 19932 7098fac1 19931->19932 19933 70988ab7 ___freetlocinfo 67 API calls 19932->19933 19934 7098fac9 19933->19934 19935 70988ab7 ___freetlocinfo 67 API calls 19934->19935 19936 7098fad1 19935->19936 19937 70988ab7 ___freetlocinfo 67 API calls 19936->19937 19938 7098fad9 19937->19938 19939 70988ab7 ___freetlocinfo 67 API calls 19938->19939 19940 7098fae1 19939->19940 19941 70988ab7 ___freetlocinfo 67 API calls 19940->19941 19942 7098fae9 19941->19942 19943 70988ab7 ___freetlocinfo 67 API calls 19942->19943 19944 7098faf1 19943->19944 19945 70988ab7 ___freetlocinfo 67 API calls 19944->19945 19946 7098faf9 19945->19946 19947 70988ab7 ___freetlocinfo 67 API calls 19946->19947 19948 7098fb01 19947->19948 19949 70988ab7 ___freetlocinfo 67 API calls 19948->19949 19950 7098fb09 19949->19950 19951 70988ab7 ___freetlocinfo 67 API calls 19950->19951 19952 7098fb11 19951->19952 19953 70988ab7 ___freetlocinfo 67 API calls 19952->19953 19954 7098fb19 19953->19954 19955 70988ab7 ___freetlocinfo 67 API calls 19954->19955 19956 7098fb21 19955->19956 19957 70988ab7 ___freetlocinfo 67 API calls 19956->19957 19958 7098fb29 19957->19958 19959 70988ab7 ___freetlocinfo 
67 API calls 19958->19959 19960 7098fb31 19959->19960 19961 70988ab7 ___freetlocinfo 67 API calls 19960->19961 19962 7098fb3f 19961->19962 19963 70988ab7 ___freetlocinfo 67 API calls 19962->19963 19964 7098fb4a 19963->19964 19965 70988ab7 ___freetlocinfo 67 API calls 19964->19965 19966 7098fb55 19965->19966 19967 70988ab7 ___freetlocinfo 67 API calls 19966->19967 19968 7098fb60 19967->19968 19969 70988ab7 ___freetlocinfo 67 API calls 19968->19969 19970 7098fb6b 19969->19970 19971 70988ab7 ___freetlocinfo 67 API calls 19970->19971 19972 7098fb76 19971->19972 19973 70988ab7 ___freetlocinfo 67 API calls 19972->19973 19974 7098fb81 19973->19974 19975 70988ab7 ___freetlocinfo 67 API calls 19974->19975 19976 7098fb8c 19975->19976 19977 70988ab7 ___freetlocinfo 67 API calls 19976->19977 19978 7098fb97 19977->19978 19979 70988ab7 ___freetlocinfo 67 API calls 19978->19979 19980 7098fba2 19979->19980 19981 70988ab7 ___freetlocinfo 67 API calls 19980->19981 19982 7098fbad 19981->19982 19983 70988ab7 ___freetlocinfo 67 API calls 19982->19983 19984 7098fbb8 19983->19984 19985 70988ab7 ___freetlocinfo 67 API calls 19984->19985 19986 7098fbc3 19985->19986 19987 70988ab7 ___freetlocinfo 67 API calls 19986->19987 19988 7098fbce 19987->19988 19989 70988ab7 ___freetlocinfo 67 API calls 19988->19989 19990 7098fbd9 19989->19990 19991 70988ab7 ___freetlocinfo 67 API calls 19990->19991 19992 7098fbe4 19991->19992 19993 70988ab7 ___freetlocinfo 67 API calls 19992->19993 19994 7098fbf2 19993->19994 19995 70988ab7 ___freetlocinfo 67 API calls 19994->19995 19996 7098fbfd 19995->19996 19997 70988ab7 ___freetlocinfo 67 API calls 19996->19997 19998 7098fc08 19997->19998 19999 70988ab7 ___freetlocinfo 67 API calls 19998->19999 20000 7098fc13 19999->20000 20001 70988ab7 ___freetlocinfo 67 API calls 20000->20001 20002 7098fc1e 20001->20002 20003 70988ab7 ___freetlocinfo 67 API calls 20002->20003 20004 7098fc29 20003->20004 20005 70988ab7 ___freetlocinfo 67 API calls 20004->20005 20006 7098fc34 
20005->20006 20007 70988ab7 ___freetlocinfo 67 API calls 20006->20007 20008 7098fc3f 20007->20008 20009 70988ab7 ___freetlocinfo 67 API calls 20008->20009 20010 7098fc4a 20009->20010 20011 70988ab7 ___freetlocinfo 67 API calls 20010->20011 20012 7098fc55 20011->20012 20013 70988ab7 ___freetlocinfo 67 API calls 20012->20013 20014 7098fc60 20013->20014 20015 70988ab7 ___freetlocinfo 67 API calls 20014->20015 20016 7098fc6b 20015->20016 20017 70988ab7 ___freetlocinfo 67 API calls 20016->20017 20018 7098fc76 20017->20018 20019 70988ab7 ___freetlocinfo 67 API calls 20018->20019 20020 7098fc81 20019->20020 20021 70988ab7 ___freetlocinfo 67 API calls 20020->20021 20022 7098fc8c 20021->20022 20023 70988ab7 ___freetlocinfo 67 API calls 20022->20023 20024 7098fc97 20023->20024 20025 70988ab7 ___freetlocinfo 67 API calls 20024->20025 20026 7098fca5 20025->20026 20027 70988ab7 ___freetlocinfo 67 API calls 20026->20027 20028 7098fcb0 20027->20028 20029 70988ab7 ___freetlocinfo 67 API calls 20028->20029 20030 7098fcbb 20029->20030 20031 70988ab7 ___freetlocinfo 67 API calls 20030->20031 20032 7098fcc6 20031->20032 20033 70988ab7 ___freetlocinfo 67 API calls 20032->20033 20034 7098fcd1 20033->20034 20035 70988ab7 ___freetlocinfo 67 API calls 20034->20035 20036 7098fcdc 20035->20036 20037 70988ab7 ___freetlocinfo 67 API calls 20036->20037 20038 7098fce7 20037->20038 20039 70988ab7 ___freetlocinfo 67 API calls 20038->20039 20040 7098fcf2 20039->20040 20041 70988ab7 ___freetlocinfo 67 API calls 20040->20041 20042 7098fcfd 20041->20042 20043 70988ab7 ___freetlocinfo 67 API calls 20042->20043 20044 7098fd08 20043->20044 20045 70988ab7 ___freetlocinfo 67 API calls 20044->20045 20046 7098fd13 20045->20046 20047 70988ab7 ___freetlocinfo 67 API calls 20046->20047 20048 7098fd1e 20047->20048 20049 70988ab7 ___freetlocinfo 67 API calls 20048->20049 20050 7098fd29 20049->20050 20051 70988ab7 ___freetlocinfo 67 API calls 20050->20051 20052 7098fd34 20051->20052 20053 70988ab7 ___freetlocinfo 
67 API calls 20052->20053 20054 7098fd3f 20053->20054 20055 70988ab7 ___freetlocinfo 67 API calls 20054->20055 20056 7098fd4a 20055->20056 20057 70988ab7 ___freetlocinfo 67 API calls 20056->20057 20058 7098fd58 20057->20058 20059 70988ab7 ___freetlocinfo 67 API calls 20058->20059 20060 7098fd63 20059->20060 20061 70988ab7 ___freetlocinfo 67 API calls 20060->20061 20062 7098fd6e 20061->20062 20063 70988ab7 ___freetlocinfo 67 API calls 20062->20063 20064 7098fd79 20063->20064 20065 70988ab7 ___freetlocinfo 67 API calls 20064->20065 20066 7098fd84 20065->20066 20067 70988ab7 ___freetlocinfo 67 API calls 20066->20067 20067->20068 20068->19838 20069->19810 20073 7098d96e LeaveCriticalSection 20070->20073 20072 7098c12f 20072->19783 20073->20072 20075 7098c398 __lseeki64 20074->20075 20076 70989f98 __getptd 67 API calls 20075->20076 20077 7098c3a1 20076->20077 20078 7098c09f __setmbcp 69 API calls 20077->20078 20079 7098c3ab 20078->20079 20105 7098c14f 20079->20105 20082 70988b9e _malloc 67 API calls 20083 7098c3cc 20082->20083 20084 7098c4eb __lseeki64 20083->20084 20112 7098c1d0 20083->20112 20084->19748 20087 7098c4f8 20087->20084 20091 7098c50b 20087->20091 20093 70988ab7 ___freetlocinfo 67 API calls 20087->20093 20088 7098c3fc InterlockedDecrement 20089 7098c40c 20088->20089 20090 7098c41d InterlockedIncrement 20088->20090 20089->20090 20095 70988ab7 ___freetlocinfo 67 API calls 20089->20095 20090->20084 20092 7098c433 20090->20092 20094 7098ca4d __lseeki64 67 API calls 20091->20094 20092->20084 20097 7098da52 __lock 67 API calls 20092->20097 20093->20091 20094->20084 20096 7098c41c 20095->20096 20096->20090 20099 7098c447 InterlockedDecrement 20097->20099 20100 7098c4c3 20099->20100 20101 7098c4d6 InterlockedIncrement 20099->20101 20100->20101 20103 70988ab7 ___freetlocinfo 67 API calls 20100->20103 20121 7098c4ed 20101->20121 20104 7098c4d5 20103->20104 20104->20101 20106 709887da ___crtGetStringTypeA 77 API calls 20105->20106 20107 7098c163 20106->20107 20108 
7098c18c 20107->20108 20109 7098c16e GetOEMCP 20107->20109 20110 7098c17e 20108->20110 20111 7098c191 GetACP 20108->20111 20109->20110 20110->20082 20110->20084 20111->20110 20113 7098c14f getSystemCP 79 API calls 20112->20113 20114 7098c1f0 20113->20114 20115 7098c1fb setSBCS 20114->20115 20116 7098c223 GetCPInfo 20114->20116 20119 7098c236 _memset __setmbcp 20114->20119 20117 70987fb3 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20115->20117 20116->20115 20116->20119 20118 7098c385 20117->20118 20118->20087 20118->20088 20124 7098bf07 GetCPInfo 20119->20124 20278 7098d96e LeaveCriticalSection 20121->20278 20123 7098c4f4 20123->20084 20125 7098bfed 20124->20125 20128 7098bf3b _memset 20124->20128 20130 70987fb3 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20125->20130 20134 7098f9d7 20128->20134 20132 7098c098 20130->20132 20132->20119 20135 709887da ___crtGetStringTypeA 77 API calls 20134->20135 20136 7098f9ea 20135->20136 20144 7098f818 20136->20144 20139 7098f7cd 20140 709887da ___crtGetStringTypeA 77 API calls 20139->20140 20141 7098f7e0 20140->20141 20212 7098f314 20141->20212 20145 7098f839 GetStringTypeW 20144->20145 20146 7098f864 20144->20146 20147 7098f859 GetLastError 20145->20147 20148 7098f851 20145->20148 20146->20148 20149 7098f94b 20146->20149 20147->20146 20150 7098f89d MultiByteToWideChar 20148->20150 20167 7098f945 20148->20167 20172 7099168f GetLocaleInfoA 20149->20172 20156 7098f8ca 20150->20156 20150->20167 20152 70987fb3 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20154 7098bfa8 20152->20154 20154->20139 20155 7098f8df _memset __alloca_probe_16 20159 7098f918 MultiByteToWideChar 20155->20159 20155->20167 20156->20155 20161 70988b9e _malloc 67 API calls 20156->20161 20157 7098f99c GetStringTypeA 20160 7098f9b7 20157->20160 20157->20167 20163 7098f92e GetStringTypeW 20159->20163 20164 7098f93f 20159->20164 20165 70988ab7 ___freetlocinfo 67 API calls 20160->20165 20161->20155 20163->20164 20168 7098f2ef 
20164->20168 20165->20167 20167->20152 20169 7098f2fb 20168->20169 20170 7098f30c 20168->20170 20169->20170 20171 70988ab7 ___freetlocinfo 67 API calls 20169->20171 20170->20167 20171->20170 20173 709916bd 20172->20173 20174 709916c2 20172->20174 20176 70987fb3 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20173->20176 20203 709918f3 20174->20203 20177 7098f96f 20176->20177 20177->20157 20177->20167 20178 709916dd 20177->20178 20179 7099171d GetCPInfo 20178->20179 20183 709917ad 20178->20183 20180 70991798 MultiByteToWideChar 20179->20180 20181 70991734 20179->20181 20180->20183 20187 7099174d 20180->20187 20181->20180 20184 7099173a GetCPInfo 20181->20184 20182 70987fb3 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 4 API calls 20186 7098f990 20182->20186 20183->20182 20184->20180 20185 70991747 20184->20185 20185->20180 20185->20187 20186->20157 20186->20167 20188 70988b9e _malloc 67 API calls 20187->20188 20189 70991785 _memset __alloca_probe_16 20187->20189 20188->20189 20189->20183 20190 709917e2 MultiByteToWideChar 20189->20190 20191 70991819 20190->20191 20192 709917fa 20190->20192 20193 7098f2ef __freea 67 API calls 20191->20193 20194 7099181e 20192->20194 20195 70991801 WideCharToMultiByte 20192->20195 20193->20183 20196 70991829 WideCharToMultiByte 20194->20196 20197 7099183d 20194->20197 20195->20191 20196->20191 20196->20197 20198 70989222 __crtGetStringTypeA_stat 67 API calls 20197->20198 20199 70991845 20198->20199 20199->20191 20200 7099184e WideCharToMultiByte 20199->20200 20200->20191 20201 70991860 20200->20201 20202 70988ab7 ___freetlocinfo 67 API calls 20201->20202 20202->20191 20204 709918fe 20203->20204 20205 70991902 20203->20205 20204->20173 20208 70992649 20205->20208 20209 70992665 20208->20209 20210 70992409 ___ansicp 91 API calls 20209->20210 20211 70991910 20210->20211 20211->20173 20213 7098f320 ___crtLCMapStringA 20212->20213 20214 7098f32d LCMapStringW 20213->20214 20217 7098f348 20213->20217 20215 7098f350 GetLastError 

Executed Functions

Control-flow Graph

C-Code - Quality: 89%
E70433F2E(signed int _a8, signed int _a12) {
	signed int _v8;
	struct _OSVERSIONINFOA _v156;
	void* __edi;
	void* __esi;
	void* __ebp;
	signed int _t11;
	signed int _t13;
	signed int _t15;
	signed int _t31;
	signed int _t32;
	signed int _t33;
	intOrPtr _t35;
	signed int _t36;
	signed int _t37;
	signed int _t41;
	signed int _t42;
	void* _t43;
	void* _t44;
	intOrPtr _t53;
	signed int _t54;
	void* _t55;
	intOrPtr _t57;
	signed int _t62;

	_t11 =  *0x7043e060; // 0x4d88bf16
	_v8 = _t11 ^ _t62;
	_t13 = _a8;
	if(_t13 != 1) {
		__eflags = _t13;
		if(_t13 != 0) {
			__eflags = _t13 - 2;
			if(_t13 != 2) {
				__eflags = _t13 - 3;
				if(_t13 != 3) {
					L29:
					_t15 = 1;
					__eflags = 1;
					L30:
					return E704347BF(_t15, _t43, _v8 ^ _t62, _t57, 0, _t59);
				}
				E7043629D(_t43, 0, _t59, 0); // executed
				L28:
				goto L29;
			}
			E70435F6F();
			_t59 = E704353B8(_t44, _t59, __eflags, 1, 0x214);
			__eflags = _t59;
			if(_t59 == 0) {
				L2:
				_t15 = 0;
				goto L30;
			}
			_push(_t59);
			_push( *0x7043e0f8);
			__eflags =  *((intOrPtr*)(E70435EE9( *0x7043ef14)))();
			if(__eflags == 0) {
				_push(_t59);
				E70435202(_t43, 0, _t59, __eflags);
				goto L2;
			}
			_push(0);
			_push(_t59);
			E70435FE0(_t43, 0, _t59, __eflags);
			goto L28;
		}
		__eflags =  *0x7043eea8; // 0x0
		if(__eflags <= 0) {
			goto L2;
		}
		 *0x7043eea8 =  *0x7043eea8 - 1;
		__eflags =  *0x7043ef04; // 0x1
		if(__eflags == 0) {
			E70435E08();
		}
		__eflags = _a12;
		if(_a12 == 0) {
			E704366CE();
			E70435F9E();
			E70436D3A();
		}
		goto L29;
	}
	_v156.dwOSVersionInfoSize = 0x94;
	if(GetVersionExA( &_v156) != 0) {
		_t53 = _v156.dwPlatformId;
		_t31 = _v156.dwBuildNumber & 0x00007fff;
		__eflags = _t53 - 2;
		if(_t53 != 2) {
			_t31 = _t31 | 0x00008000;
			__eflags = _t31;
		}
		_t57 = _v156.dwMinorVersion;
		 *0x7043eec8 = _t53;
		_t54 = _v156.dwMajorVersion;
		_t59 = (_t54 << 8) + _t57;
		 *0x7043eed0 = (_t54 << 8) + _t57;
		 *0x7043eed4 = _t54;
		 *0x7043eed8 = _t57;
		 *0x7043eecc = _t31; // executed
		_t32 = E70436CD5(_t43, _t57, 0, 1); // executed
		_pop(_t55);
		__eflags = _t32;
		if(_t32 != 0) {
			_t33 = E70436310();
			__eflags = _t33;
			if(_t33 != 0) {
				 *0x7043fa9c = GetCommandLineA(); // executed
				_t35 = E70436B37(); // executed
				 *0x7043eeb0 = _t35;
				_t36 = E7043648F(_t43, _t55, _t57, 0, _t59, __eflags);
				__eflags = _t36;
				if(_t36 >= 0) {
					_t37 = E70436A43(_t55);
					__eflags = _t37;
					if(_t37 < 0) {
						L14:
						E704366CE();
						goto L9;
					}
					_t41 = E70436721();
					__eflags = _t41;
					if(_t41 < 0) {
						goto L14;
					}
					_t42 = E70435C8D(_t43, 0, _t59, 0);
					__eflags = _t42;
					if(_t42 != 0) {
						goto L14;
					}
					 *0x7043eea8 =  *0x7043eea8 + 1;
					goto L29;
				}
				L9:
				E70435F9E();
			}
			E70436D3A();
		}
	}
	goto L2;
}
                                                                                                                                0x70433fea
                                                                                                                                0x70433fef
                                                                                                                                0x70433ff4
                                                                                                                                0x70433ff6
                                                                                                                                0x70433fff
                                                                                                                                0x70434004
                                                                                                                                0x70434006
                                                                                                                                0x70434028
                                                                                                                                0x70434028
                                                                                                                                0x00000000
                                                                                                                                0x70434028
                                                                                                                                0x70434008
                                                                                                                                0x7043400d
                                                                                                                                0x7043400f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70434013
                                                                                                                                0x70434019
                                                                                                                                0x7043401b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043401d
                                                                                                                                0x00000000
                                                                                                                                0x7043401d
                                                                                                                                0x70433ff8
                                                                                                                                0x70433ff8
                                                                                                                                0x70433ff8
                                                                                                                                0x70433fd3
                                                                                                                                0x70433fd3
                                                                                                                                0x70433fc8
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • GetVersionExA.KERNEL32(?), ref: 70433F62
                                                                                                                                • __heap_term.LIBCMT ref: 70433FD3
                                                                                                                                • GetCommandLineA.KERNEL32 ref: 70433FDA
                                                                                                                                • ___crtGetEnvironmentStringsA.LIBCMT ref: 70433FE5
                                                                                                                                  • Part of subcall function 70436B37: GetEnvironmentStringsW.KERNEL32(?,?,?,70433FEA), ref: 70436B55
                                                                                                                                  • Part of subcall function 70436B37: GetEnvironmentStringsW.KERNEL32(?,?,?,70433FEA), ref: 70436B90
                                                                                                                                • __mtterm.LIBCMT ref: 70433FF8
                                                                                                                                  • Part of subcall function 70435F9E: TlsFree.KERNEL32(0000001C,70434063), ref: 70435FC9
                                                                                                                                  • Part of subcall function 70435F9E: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,70434063), ref: 70438457
                                                                                                                                  • Part of subcall function 70435F9E: DeleteCriticalSection.KERNEL32(0000001C,?,?,70434063), ref: 70438481
                                                                                                                                • __mtterm.LIBCMT ref: 7043405E
                                                                                                                                • __heap_term.LIBCMT ref: 70434063
                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 7043406F
                                                                                                                                  • Part of subcall function 70435F6F: TlsGetValue.KERNEL32(704360BE,?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70435F75
                                                                                                                                  • Part of subcall function 70435F6F: TlsSetValue.KERNEL32(00000000,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70435F92
                                                                                                                                  • Part of subcall function 704353B8: __calloc_impl.LIBCMT ref: 704353CD
                                                                                                                                  • Part of subcall function 70435202: __lock.LIBCMT ref: 70435220
                                                                                                                                  • Part of subcall function 70435202: ___sbh_find_block.LIBCMT ref: 7043522B
                                                                                                                                  • Part of subcall function 70435202: ___sbh_free_block.LIBCMT ref: 7043523A
                                                                                                                                  • Part of subcall function 70435202: HeapFree.KERNEL32(00000000,70433EBE,7043C6C8,0000000C,70438556,00000000,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004,7043C6E8,0000000C), ref: 7043526A
                                                                                                                                  • Part of subcall function 70435202: GetLastError.KERNEL32(?,70435316,00000004,7043C6E8,0000000C,7043A2D0,70433EBE,?,00000000,00000000,00000000,?,704360E4,00000001,00000214), ref: 7043527B
                                                                                                                                • __freeptd.LIBCMT ref: 704340C1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnvironmentStrings$CriticalDeleteFreeSectionValue__heap_term__mtterm$CommandErrorHeapLastLineVersion___crt___sbh_find_block___sbh_free_block___set_flsgetvalue__calloc_impl__freeptd__lock
                                                                                                                                • String ID: p4x
                                                                                                                                • API String ID: 3962136929-1313127355
                                                                                                                                • Opcode ID: 0b929cb0073b7de2f0fe2832caa6a282b102b21d3aa4ef5409e816504f62ddbf
                                                                                                                                • Instruction ID: a13badb4b0690dcf1ecb08fed41e47bfea8940703f2f6948c57875ece3603ebf
                                                                                                                                • Opcode Fuzzy Hash: 0b929cb0073b7de2f0fe2832caa6a282b102b21d3aa4ef5409e816504f62ddbf
                                                                                                                                • Instruction Fuzzy Hash: 29411832A05502DED71A9B76CC0278EF7B4EB4D259FE0712EE505B62D0DBB8A8418B16
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E70989CCD(intOrPtr _a4) {
                                                                                                                                				struct HINSTANCE__* _t6;
                                                                                                                                				_Unknown_base(*)()* _t7;
                                                                                                                                				intOrPtr _t9;
                                                                                                                                				intOrPtr _t10;
                                                                                                                                				void* _t12;
                                                                                                                                
                                                                                                                                				if(TlsGetValue( *0x7099616c) == 0) {
                                                                                                                                					L4:
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNELBASE.DLL");
                                                                                                                                					if(_t6 != 0) {
                                                                                                                                						L6:
                                                                                                                                						_t7 = GetProcAddress(_t6, "EncodePointer");
                                                                                                                                						L7:
                                                                                                                                						if(_t7 != 0) {
                                                                                                                                							_t9 =  *_t7(_a4); // executed
                                                                                                                                							_a4 = _t9;
                                                                                                                                						}
                                                                                                                                						L9:
                                                                                                                                						return _a4;
                                                                                                                                					}
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                					if(_t6 == 0) {
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                					goto L6;
                                                                                                                                				}
                                                                                                                                				_t10 =  *0x70996170; // 0x5
                                                                                                                                				if(_t10 == 0xffffffff) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_push(_t10);
                                                                                                                                				_t12 =  *(TlsGetValue( *0x7099616c))();
                                                                                                                                				if(_t12 == 0) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_t7 =  *(_t12 + 0x1f8);
                                                                                                                                				goto L7;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • TlsGetValue.KERNEL32(7098EE91,?,7098EF2A,7098EE91,00000014,7098DA07,00000000,00000FA0,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004), ref: 70989CDF
                                                                                                                                • TlsGetValue.KERNEL32(00000005,?,7098EF2A,7098EE91,00000014,7098DA07,00000000,00000FA0,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004), ref: 70989CF6
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNELBASE.DLL,?,7098EF2A,7098EE91,00000014,7098DA07,00000000,00000FA0,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004), ref: 70989D11
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,7098EF2A,7098EE91,00000014,7098DA07,00000000,00000FA0,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004), ref: 70989D1C
                                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 70989D28
                                                                                                                                • RtlEncodePointer.NTDLL(70986DBD,?,7098EF2A,7098EE91,00000014,7098DA07,00000000,00000FA0,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004), ref: 70989D35
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleValue$AddressEncodePointerProc
                                                                                                                                • String ID: EncodePointer$KERNEL32.DLL$KERNELBASE.DLL
                                                                                                                                • API String ID: 2716346623-161783727
                                                                                                                                • Opcode ID: 3279e02950490348aa8d60aa8e0c3f169feadd50e35cb532b41f58bd181acde5
                                                                                                                                • Instruction ID: 0c5c1790b8228c0c06cfe469d47d8a4b94d2831a86215894e150f912156be708
                                                                                                                                • Opcode Fuzzy Hash: 3279e02950490348aa8d60aa8e0c3f169feadd50e35cb532b41f58bd181acde5
                                                                                                                                • Instruction Fuzzy Hash: 46F04435614115EB8B109B66DD00B5E3EAC9B412957284136FC1AD73E0EB31EC41DA66
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E70989D53(intOrPtr _a4) {
                                                                                                                                				struct HINSTANCE__* _t6;
                                                                                                                                				_Unknown_base(*)()* _t7;
                                                                                                                                				intOrPtr _t9;
                                                                                                                                				intOrPtr _t10;
                                                                                                                                				void* _t12;
                                                                                                                                
                                                                                                                                				if(TlsGetValue( *0x7099616c) == 0) {
                                                                                                                                					L4:
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNELBASE.DLL");
                                                                                                                                					if(_t6 != 0) {
                                                                                                                                						L6:
                                                                                                                                						_t7 = GetProcAddress(_t6, "DecodePointer");
                                                                                                                                						L7:
                                                                                                                                						if(_t7 != 0) {
                                                                                                                                							_t9 =  *_t7(_a4); // executed
                                                                                                                                							_a4 = _t9;
                                                                                                                                						}
                                                                                                                                						L9:
                                                                                                                                						return _a4;
                                                                                                                                					}
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                					if(_t6 == 0) {
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                					goto L6;
                                                                                                                                				}
                                                                                                                                				_t10 =  *0x70996170; // 0x5
                                                                                                                                				if(_t10 == 0xffffffff) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_push(_t10);
                                                                                                                                				_t12 =  *(TlsGetValue( *0x7099616c))();
                                                                                                                                				if(_t12 == 0) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_t7 =  *(_t12 + 0x1fc);
                                                                                                                                				goto L7;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • TlsGetValue.KERNEL32(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D65
                                                                                                                                • TlsGetValue.KERNEL32(00000005,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D7C
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNELBASE.DLL,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D97
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989DA2
                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 70989DAE
                                                                                                                                • RtlDecodePointer.NTDLL(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989DBB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleValue$AddressDecodePointerProc
                                                                                                                                • String ID: DecodePointer$KERNEL32.DLL$KERNELBASE.DLL
                                                                                                                                • API String ID: 2090190849-2977709689
                                                                                                                                • Opcode ID: fd95e6186c30e1e4dcb7a7db5273c16eec4157d5e9d0dc77ae61f790f9d5f5c8
                                                                                                                                • Instruction ID: e09e7335b1002da517e44380283b65ebd8b837fd59f641409b4f654c93c5efe1
                                                                                                                                • Opcode Fuzzy Hash: fd95e6186c30e1e4dcb7a7db5273c16eec4157d5e9d0dc77ae61f790f9d5f5c8
                                                                                                                                • Instruction Fuzzy Hash: 27F04F31614115EB8F00AB76CD00F9E3FBC9F812947284132FC0AE73E1DB21EC419AAA
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E70435E63(intOrPtr _a4) {
                                                                                                                                				struct HINSTANCE__* _t6;
                                                                                                                                				_Unknown_base(*)()* _t7;
                                                                                                                                				intOrPtr _t9;
                                                                                                                                				intOrPtr _t10;
                                                                                                                                				void* _t12;
                                                                                                                                
                                                                                                                                				if(TlsGetValue( *0x7043e0f4) == 0) {
                                                                                                                                					L4:
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNELBASE.DLL");
                                                                                                                                					if(_t6 != 0) {
                                                                                                                                						L6:
                                                                                                                                						_t7 = GetProcAddress(_t6, "EncodePointer");
                                                                                                                                						L7:
                                                                                                                                						if(_t7 != 0) {
                                                                                                                                							_t9 =  *_t7(_a4); // executed
                                                                                                                                							_a4 = _t9;
                                                                                                                                						}
                                                                                                                                						L9:
                                                                                                                                						return _a4;
                                                                                                                                					}
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                					if(_t6 == 0) {
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                					goto L6;
                                                                                                                                				}
                                                                                                                                				_t10 =  *0x7043e0f8; // 0x6
                                                                                                                                				if(_t10 == 0xffffffff) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_push(_t10);
                                                                                                                                				_t12 =  *(TlsGetValue( *0x7043e0f4))();
                                                                                                                                				if(_t12 == 0) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_t7 =  *(_t12 + 0x1f8);
                                                                                                                                				goto L7;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • TlsGetValue.KERNEL32(704396E1,?,7043977A,704396E1,00000014,7043852F,00000000,00000FA0,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004), ref: 70435E75
                                                                                                                                • TlsGetValue.KERNEL32(00000006,?,7043977A,704396E1,00000014,7043852F,00000000,00000FA0,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004), ref: 70435E8C
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNELBASE.DLL,?,7043977A,704396E1,00000014,7043852F,00000000,00000FA0,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004), ref: 70435EA7
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,7043977A,704396E1,00000014,7043852F,00000000,00000FA0,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004), ref: 70435EB2
                                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 70435EBE
                                                                                                                                • RtlEncodePointer.NTDLL(70433EBE,?,7043977A,704396E1,00000014,7043852F,00000000,00000FA0,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004), ref: 70435ECB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleValue$AddressEncodePointerProc
                                                                                                                                • String ID: EncodePointer$KERNEL32.DLL$KERNELBASE.DLL
                                                                                                                                • API String ID: 2716346623-161783727
                                                                                                                                • Opcode ID: 765f87c0846507440b78e6651a9aac85c57509cdf7433490f4ca50ac5f23063a
                                                                                                                                • Instruction ID: cb6f5b4385128a844171467c55a4915343f3d48c6619def346c2f88533fe5e4c
                                                                                                                                • Opcode Fuzzy Hash: 765f87c0846507440b78e6651a9aac85c57509cdf7433490f4ca50ac5f23063a
                                                                                                                                • Instruction Fuzzy Hash: 15F0C832500126EB9B049B76CD01F5EBFB99B082A5BA06131FC1DF77B0EB38DD518A64
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E70435EE9(intOrPtr _a4) {
                                                                                                                                				struct HINSTANCE__* _t6;
                                                                                                                                				_Unknown_base(*)()* _t7;
                                                                                                                                				intOrPtr _t9;
                                                                                                                                				intOrPtr _t10;
                                                                                                                                				void* _t12;
                                                                                                                                
                                                                                                                                				if(TlsGetValue( *0x7043e0f4) == 0) {
                                                                                                                                					L4:
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNELBASE.DLL");
                                                                                                                                					if(_t6 != 0) {
                                                                                                                                						L6:
                                                                                                                                						_t7 = GetProcAddress(_t6, "DecodePointer");
                                                                                                                                						L7:
                                                                                                                                						if(_t7 != 0) {
                                                                                                                                							_t9 =  *_t7(_a4); // executed
                                                                                                                                							_a4 = _t9;
                                                                                                                                						}
                                                                                                                                						L9:
                                                                                                                                						return _a4;
                                                                                                                                					}
                                                                                                                                					_t6 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                					if(_t6 == 0) {
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                					goto L6;
                                                                                                                                				}
                                                                                                                                				_t10 =  *0x7043e0f8; // 0x6
                                                                                                                                				if(_t10 == 0xffffffff) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_push(_t10);
                                                                                                                                				_t12 =  *(TlsGetValue( *0x7043e0f4))();
                                                                                                                                				if(_t12 == 0) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_t7 =  *(_t12 + 0x1fc);
                                                                                                                                				goto L7;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • TlsGetValue.KERNEL32(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435EFB
                                                                                                                                • TlsGetValue.KERNEL32(00000006,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F12
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNELBASE.DLL,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F2D
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F38
                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 70435F44
                                                                                                                                • RtlDecodePointer.NTDLL(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F51
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleValue$AddressDecodePointerProc
                                                                                                                                • String ID: DecodePointer$KERNEL32.DLL$KERNELBASE.DLL
                                                                                                                                • API String ID: 2090190849-2977709689
                                                                                                                                • Opcode ID: f6e36580555a19c73ca9cab3375bd6d7cb2329df48d54d617afe1c80f2c22d90
                                                                                                                                • Instruction ID: dbba8190af17cbb3f599eea8ad3ce247e2b3d594d29847d7b7fc6a79cecbcd64
                                                                                                                                • Opcode Fuzzy Hash: f6e36580555a19c73ca9cab3375bd6d7cb2329df48d54d617afe1c80f2c22d90
                                                                                                                                • Instruction Fuzzy Hash: F4F0443550412AEA9B045B66DD40E5DBFB9AB083A4B50A131FD19F7370DB24DC518AA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                C-Code - Quality: 89%
                                                                                                                                			E70987630(signed int _a8, signed int _a12) {
                                                                                                                                				signed int _v8;
                                                                                                                                				struct _OSVERSIONINFOA _v156;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t11;
                                                                                                                                				signed int _t13;
                                                                                                                                				signed int _t15;
                                                                                                                                				signed int _t31;
                                                                                                                                				signed int _t32;
                                                                                                                                				signed int _t33;
                                                                                                                                				intOrPtr _t35;
                                                                                                                                				signed int _t36;
                                                                                                                                				signed int _t37;
                                                                                                                                				signed int _t41;
                                                                                                                                				signed int _t42;
                                                                                                                                				void* _t43;
                                                                                                                                				void* _t44;
                                                                                                                                				intOrPtr _t53;
                                                                                                                                				signed int _t54;
                                                                                                                                				void* _t55;
                                                                                                                                				intOrPtr _t57;
                                                                                                                                				signed int _t62;
                                                                                                                                
                                                                                                                                				_t11 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t11 ^ _t62;
                                                                                                                                				_t13 = _a8;
                                                                                                                                				if(_t13 != 1) {
                                                                                                                                					__eflags = _t13;
                                                                                                                                					if(_t13 != 0) {
                                                                                                                                						__eflags = _t13 - 2;
                                                                                                                                						if(_t13 != 2) {
                                                                                                                                							__eflags = _t13 - 3;
                                                                                                                                							if(_t13 != 3) {
                                                                                                                                								L29:
                                                                                                                                								_t15 = 1;
                                                                                                                                								__eflags = 1;
                                                                                                                                								L30:
                                                                                                                                								return E70987FB3(_t15, _t43, _v8 ^ _t62, _t57, 0, _t59);
                                                                                                                                							}
                                                                                                                                							E7098A107(_t43, 0, _t59, 0);
                                                                                                                                							L28:
                                                                                                                                							goto L29;
                                                                                                                                						}
                                                                                                                                						E70989DD9();
                                                                                                                                						_t59 = E70989222(_t44, _t59, __eflags, 1, 0x214);
                                                                                                                                						__eflags = _t59;
                                                                                                                                						if(_t59 == 0) {
                                                                                                                                							L2:
                                                                                                                                							_t15 = 0;
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						_push(_t59);
                                                                                                                                						_push( *0x70996170);
                                                                                                                                						__eflags =  *((intOrPtr*)(E70989D53( *0x709972ac)))();
                                                                                                                                						if(__eflags == 0) {
                                                                                                                                							_push(_t59);
                                                                                                                                							E70988AB7(_t43, 0, _t59, __eflags);
                                                                                                                                							goto L2;
                                                                                                                                						}
                                                                                                                                						_push(0);
                                                                                                                                						_push(_t59);
                                                                                                                                						E70989E4A(_t43, 0, _t59, __eflags);
                                                                                                                                						goto L28;
                                                                                                                                					}
                                                                                                                                					__eflags =  *0x70997240; // 0x0
                                                                                                                                					if(__eflags <= 0) {
                                                                                                                                						goto L2;
                                                                                                                                					}
                                                                                                                                					 *0x70997240 =  *0x70997240 - 1;
                                                                                                                                					__eflags =  *0x7099729c; // 0x1
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						E70989C72();
                                                                                                                                					}
                                                                                                                                					__eflags = _a12;
                                                                                                                                					if(_a12 == 0) {
                                                                                                                                						E7098A538();
                                                                                                                                						E70989E08();
                                                                                                                                						E7098ABA4();
                                                                                                                                					}
                                                                                                                                					goto L29;
                                                                                                                                				}
                                                                                                                                				_v156.dwOSVersionInfoSize = 0x94;
                                                                                                                                				if(GetVersionExA( &_v156) != 0) {
                                                                                                                                					_t53 = _v156.dwPlatformId;
                                                                                                                                					_t31 = _v156.dwBuildNumber & 0x00007fff;
                                                                                                                                					__eflags = _t53 - 2;
                                                                                                                                					if(_t53 != 2) {
                                                                                                                                						_t31 = _t31 | 0x00008000;
                                                                                                                                						__eflags = _t31;
                                                                                                                                					}
                                                                                                                                					_t57 = _v156.dwMinorVersion;
                                                                                                                                					 *0x70997260 = _t53;
                                                                                                                                					_t54 = _v156.dwMajorVersion;
                                                                                                                                					_t59 = (_t54 << 8) + _t57;
                                                                                                                                					 *0x70997268 = (_t54 << 8) + _t57;
                                                                                                                                					 *0x7099726c = _t54;
                                                                                                                                					 *0x70997270 = _t57;
                                                                                                                                					 *0x70997264 = _t31; // executed
                                                                                                                                					_t32 = E7098AB3F(_t43, _t57, 0, 1); // executed
                                                                                                                                					_pop(_t55);
                                                                                                                                					__eflags = _t32;
                                                                                                                                					if(_t32 != 0) {
                                                                                                                                						_t33 = E7098A17A();
                                                                                                                                						__eflags = _t33;
                                                                                                                                						if(_t33 != 0) {
                                                                                                                                							 *0x70998e5c = GetCommandLineA(); // executed
                                                                                                                                							_t35 = E7098A9A1(); // executed
                                                                                                                                							 *0x70997248 = _t35; // executed
                                                                                                                                							_t36 = E7098A2F9(_t43, _t55, _t57, 0, _t59, __eflags); // executed
                                                                                                                                							__eflags = _t36;
                                                                                                                                							if(_t36 >= 0) {
                                                                                                                                								_t37 = E7098A8AD(_t55);
                                                                                                                                								__eflags = _t37;
                                                                                                                                								if(_t37 < 0) {
                                                                                                                                									L14:
                                                                                                                                									E7098A538();
                                                                                                                                									goto L9;
                                                                                                                                								}
                                                                                                                                								_t41 = E7098A58B();
                                                                                                                                								__eflags = _t41;
                                                                                                                                								if(_t41 < 0) {
                                                                                                                                									goto L14;
                                                                                                                                								}
                                                                                                                                								_t42 = E70989AF7(_t43, 0, _t59, 0); // executed
                                                                                                                                								__eflags = _t42;
                                                                                                                                								if(_t42 != 0) {
                                                                                                                                									goto L14;
                                                                                                                                								}
                                                                                                                                								 *0x70997240 =  *0x70997240 + 1;
                                                                                                                                								goto L29;
                                                                                                                                							}
                                                                                                                                							L9:
                                                                                                                                							E70989E08();
                                                                                                                                						}
                                                                                                                                						E7098ABA4();
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				goto L2;
                                                                                                                                			}



























                                                                                                                                APIs
                                                                                                                                • GetVersionExA.KERNEL32(?), ref: 70987664
                                                                                                                                • __heap_term.LIBCMT ref: 709876D5
                                                                                                                                • GetCommandLineA.KERNEL32 ref: 709876DC
                                                                                                                                • ___crtGetEnvironmentStringsA.LIBCMT ref: 709876E7
                                                                                                                                  • Part of subcall function 7098A9A1: GetEnvironmentStringsW.KERNEL32(?,?,?,709876EC), ref: 7098A9BF
                                                                                                                                  • Part of subcall function 7098A9A1: GetEnvironmentStringsW.KERNEL32(?,?,?,709876EC), ref: 7098A9FA
                                                                                                                                  • Part of subcall function 7098A2F9: GetStartupInfoA.KERNEL32(?), ref: 7098A30E
                                                                                                                                  • Part of subcall function 7098A2F9: GetFileType.KERNEL32(00000024), ref: 7098A41C
                                                                                                                                • __mtterm.LIBCMT ref: 709876FA
                                                                                                                                  • Part of subcall function 70989E08: TlsFree.KERNEL32(0000001B,70987765), ref: 70989E33
                                                                                                                                  • Part of subcall function 70989E08: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,70987765), ref: 7098D92F
                                                                                                                                  • Part of subcall function 70989E08: DeleteCriticalSection.KERNEL32(0000001B,?,?,70987765), ref: 7098D959
                                                                                                                                • __mtterm.LIBCMT ref: 70987760
                                                                                                                                • __heap_term.LIBCMT ref: 70987765
                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 70987771
                                                                                                                                  • Part of subcall function 70989DD9: TlsGetValue.KERNEL32(70989F28,?,70986DBD,?), ref: 70989DDF
                                                                                                                                  • Part of subcall function 70989DD9: TlsSetValue.KERNEL32(00000000,70986DBD,?), ref: 70989DFC
                                                                                                                                  • Part of subcall function 70989222: __calloc_impl.LIBCMT ref: 70989237
                                                                                                                                  • Part of subcall function 70988AB7: __lock.LIBCMT ref: 70988AD5
                                                                                                                                  • Part of subcall function 70988AB7: ___sbh_find_block.LIBCMT ref: 70988AE0
                                                                                                                                  • Part of subcall function 70988AB7: ___sbh_free_block.LIBCMT ref: 70988AEF
                                                                                                                                  • Part of subcall function 70988AB7: HeapFree.KERNEL32(00000000,70986DBD,70993878,0000000C,7098DA2E,00000000,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004,709938D8,0000000C), ref: 70988B1F
                                                                                                                                  • Part of subcall function 70988AB7: GetLastError.KERNEL32(?,70989180,00000004,709938D8,0000000C,7098EFB3,70986DBD,?,00000000,00000000,00000000,?,70989F4E,00000001,00000214), ref: 70988B30
                                                                                                                                • __freeptd.LIBCMT ref: 709877C3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnvironmentStrings$CriticalDeleteFreeSectionValue__heap_term__mtterm$CommandErrorFileHeapInfoLastLineStartupTypeVersion___crt___sbh_find_block___sbh_free_block___set_flsgetvalue__calloc_impl__freeptd__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1310252945-0
                                                                                                                                • Opcode ID: 74b3a5a1d0f2c4b6e61742561efde2c4a48712d1e24a8d60f138a0d12f45dc26
                                                                                                                                • Instruction ID: 81b33a878999deef2c9cb44361ab05dddf9850242c8b2d3e9778a6074f2a39ee
                                                                                                                                • Opcode Fuzzy Hash: 74b3a5a1d0f2c4b6e61742561efde2c4a48712d1e24a8d60f138a0d12f45dc26
                                                                                                                                • Instruction Fuzzy Hash: 004181329386019ED716DB768C41B5DF7A9AB85658F30002BF81AD23D4EE35E8C0DA63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 174 7098693d-70986959 175 709869cb-709869d7 call 70987fb3 174->175 176 7098695b-70986973 GetSystemDirectoryW 174->176 176->175 177 70986975-7098697e 176->177 179 7098697f-70986988 177->179 179->179 181 7098698a-709869a6 GetFileAttributesW 179->181 181->175 182 709869a8-709869b8 LoadLibraryW 181->182 182->175 183 709869ba-709869c6 GetProcAddress 182->183 183->175
                                                                                                                                C-Code - Quality: 71%
                                                                                                                                			E7098693D(void* __ecx) {
                                                                                                                                				signed int _v8;
                                                                                                                                				short _v532;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				signed int _t11;
                                                                                                                                				intOrPtr _t15;
                                                                                                                                				void* _t18;
                                                                                                                                				signed int _t22;
                                                                                                                                				void* _t24;
                                                                                                                                				void* _t25;
                                                                                                                                				void* _t28;
                                                                                                                                				void* _t32;
                                                                                                                                				signed int _t34;
                                                                                                                                
                                                                                                                                				_t11 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_t12 = _t11 ^ _t34;
                                                                                                                                				_v8 = _t11 ^ _t34;
                                                                                                                                				_t18 = __ecx;
                                                                                                                                				if( *((char*)(__ecx + 0x30)) != 0) {
                                                                                                                                					L7:
                                                                                                                                					return E70987FB3(_t12, _t18, _v8 ^ _t34, _t24, _t25, _t32);
                                                                                                                                				}
                                                                                                                                				 *((char*)(__ecx + 0x30)) = 1;
                                                                                                                                				if(GetSystemDirectoryW( &_v532, 0x104) != 0) {
                                                                                                                                					_push(_t32);
                                                                                                                                					_push(_t25);
                                                                                                                                					_t28 =  &_v532;
                                                                                                                                					do {
                                                                                                                                						_t15 =  *((intOrPtr*)(_t28 + 2));
                                                                                                                                						_t28 = _t28 + 2;
                                                                                                                                					} while (_t15 != 0);
                                                                                                                                					_t22 = 6;
                                                                                                                                					memcpy(_t28, L"\\WINUSB.DLL", _t22 << 2);
                                                                                                                                					_t12 = GetFileAttributesW( &_v532); // executed
                                                                                                                                					_pop(_t25);
                                                                                                                                					_pop(_t32);
                                                                                                                                					if(_t12 != 0xffffffff) {
                                                                                                                                						_t12 = LoadLibraryW(L"AdbWinUsbApi.dll"); // executed
                                                                                                                                						 *(_t18 + 0x2c) = _t12;
                                                                                                                                						if(_t12 != 0) {
                                                                                                                                							 *0x7099712c = _t12;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}


















                                                                                                                                APIs
                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 7098696B
                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 7098699B
                                                                                                                                • LoadLibraryW.KERNELBASE(AdbWinUsbApi.dll), ref: 709869AD
                                                                                                                                • GetProcAddress.KERNEL32(00000000,InstantiateWinUsbInterface), ref: 709869C0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressAttributesDirectoryFileLibraryLoadProcSystem
                                                                                                                                • String ID: AdbWinUsbApi.dll$InstantiateWinUsbInterface$\WINUSB.DLL
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 243 7098a2f9-7098a32a call 70988d28 GetStartupInfoA call 70989222 248 7098a52a 243->248 249 7098a330-7098a341 243->249 251 7098a52d-7098a532 call 70988d6d 248->251 250 7098a368-7098a36a 249->250 252 7098a36c-7098a370 250->252 253 7098a343-7098a362 250->253 255 7098a470 252->255 256 7098a376-7098a37b 252->256 253->250 258 7098a472-7098a482 255->258 256->255 259 7098a381-7098a393 256->259 260 7098a48f-7098a495 258->260 261 7098a484-7098a487 258->261 262 7098a395 259->262 263 7098a397-7098a39a 259->263 265 7098a49c-7098a4a3 260->265 266 7098a497-7098a49a 260->266 261->260 264 7098a489-7098a48d 261->264 262->263 267 7098a3ea-7098a3f0 263->267 270 7098a502-7098a506 264->270 271 7098a4a6-7098a4b2 GetStdHandle 265->271 266->271 268 7098a39c-7098a3a9 call 70989222 267->268 269 7098a3f2 267->269 280 7098a3ab-7098a3c1 268->280 281 7098a3f4 268->281 272 7098a3fa-7098a400 269->272 270->258 273 7098a50c-7098a51a SetHandleCount 270->273 274 7098a4f8-7098a4fc 271->274 275 7098a4b4-7098a4b6 271->275 272->255 277 7098a402-7098a40a 272->277 273->251 274->270 275->274 278 7098a4b8-7098a4c1 GetFileType 275->278 282 7098a40c-7098a40f 277->282 283 7098a463-7098a46e 277->283 278->274 284 7098a4c3-7098a4cd 278->284 285 7098a3e5-7098a3e7 280->285 281->272 282->283 286 7098a411-7098a415 282->286 283->255 283->277 287 7098a4cf-7098a4d3 284->287 288 7098a4d5-7098a4d8 284->288 289 7098a3e9 285->289 290 7098a3c3-7098a3df 285->290 286->283 291 7098a417-7098a419 286->291 292 7098a4de-7098a4f0 call 7098eeab 287->292 288->292 293 7098a4da 288->293 289->267 290->285 295 7098a41b-7098a424 GetFileType 291->295 296 7098a426-7098a459 call 7098eeab 291->296 292->248 299 7098a4f2-7098a4f6 292->299 293->292 295->283 295->296 296->248 301 7098a45f 296->301 299->270 301->283
                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E7098A2F9(void* __ebx, void* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				signed int _t58;
                                                                                                                                				void* _t61;
                                                                                                                                				long _t65;
                                                                                                                                				signed int _t68;
                                                                                                                                				signed int _t69;
                                                                                                                                				int* _t71;
                                                                                                                                				signed int* _t74;
                                                                                                                                				signed char _t76;
                                                                                                                                				long _t83;
                                                                                                                                				signed int _t85;
                                                                                                                                				int* _t86;
                                                                                                                                				void* _t87;
                                                                                                                                				signed int _t90;
                                                                                                                                				void* _t96;
                                                                                                                                				signed int _t99;
                                                                                                                                				int _t102;
                                                                                                                                				void* _t103;
                                                                                                                                				int _t104;
                                                                                                                                				void** _t109;
                                                                                                                                				signed int _t111;
                                                                                                                                				void** _t115;
                                                                                                                                				void* _t116;
                                                                                                                                				void* _t117;
                                                                                                                                
                                                                                                                                				_t117 = __eflags;
                                                                                                                                				_t99 = __edx;
                                                                                                                                				_t87 = __ecx;
                                                                                                                                				_push(0x54);
                                                                                                                                				_push(0x70993980);
                                                                                                                                				E70988D28(__ebx, __edi, __esi);
                                                                                                                                				 *(_t116 - 4) = 0;
                                                                                                                                				GetStartupInfoA(_t116 - 0x64);
                                                                                                                                				 *(_t116 - 4) = 0xfffffffe;
                                                                                                                                				_push(0x24);
                                                                                                                                				_t102 = 0x20;
                                                                                                                                				_push(_t102); // executed
                                                                                                                                				_t58 = E70989222(_t87, 0, _t117); // executed
                                                                                                                                				if(_t58 == 0) {
                                                                                                                                					L45:
                                                                                                                                					_t59 = _t58 | 0xffffffff;
                                                                                                                                					__eflags = _t58 | 0xffffffff;
                                                                                                                                					L46:
                                                                                                                                					return E70988D6D(_t59);
                                                                                                                                				}
                                                                                                                                				 *0x70998d40 = _t58;
                                                                                                                                				 *0x70998d24 = _t102;
                                                                                                                                				_t4 = _t58 + 0x480; // 0x480
                                                                                                                                				_t90 = _t4;
                                                                                                                                				while(_t58 < _t90) {
                                                                                                                                					 *((char*)(_t58 + 4)) = 0;
                                                                                                                                					 *_t58 =  *_t58 | 0xffffffff;
                                                                                                                                					 *((char*)(_t58 + 5)) = 0xa;
                                                                                                                                					 *((intOrPtr*)(_t58 + 8)) = 0;
                                                                                                                                					 *((char*)(_t58 + 6)) = 0xa;
                                                                                                                                					 *((char*)(_t58 + 7)) = 0xa;
                                                                                                                                					_t58 = _t58 + 0x24;
                                                                                                                                					_t90 =  *0x70998d40 + 0x480;
                                                                                                                                					__eflags = _t90;
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t116 - 0x32)) == 0) {
                                                                                                                                					L26:
                                                                                                                                					_t85 = 0;
                                                                                                                                					do {
                                                                                                                                						_t109 = _t85 * 0x24 +  *0x70998d40;
                                                                                                                                						_t61 =  *_t109;
                                                                                                                                						if(_t61 == 0xffffffff || _t61 == 0xfffffffe) {
                                                                                                                                							_t109[1] = 0x81;
                                                                                                                                							__eflags = _t85;
                                                                                                                                							if(_t85 != 0) {
                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                								_t65 =  ~(_t85 - 1) + 0xfffffff5;
                                                                                                                                								__eflags = _t65;
                                                                                                                                							} else {
                                                                                                                                								_t65 = 0xfffffff6;
                                                                                                                                							}
                                                                                                                                							_t103 = GetStdHandle(_t65);
                                                                                                                                							__eflags = _t103 - 0xffffffff;
                                                                                                                                							if(_t103 == 0xffffffff) {
                                                                                                                                								L42:
                                                                                                                                								_t54 =  &(_t109[1]);
                                                                                                                                								 *_t54 = _t109[1] | 0x00000040;
                                                                                                                                								__eflags =  *_t54;
                                                                                                                                								 *_t109 = 0xfffffffe;
                                                                                                                                								goto L43;
                                                                                                                                							} else {
                                                                                                                                								__eflags = _t103;
                                                                                                                                								if(_t103 == 0) {
                                                                                                                                									goto L42;
                                                                                                                                								}
                                                                                                                                								_t68 = GetFileType(_t103);
                                                                                                                                								__eflags = _t68;
                                                                                                                                								if(_t68 == 0) {
                                                                                                                                									goto L42;
                                                                                                                                								}
                                                                                                                                								 *_t109 = _t103;
                                                                                                                                								_t69 = _t68 & 0x000000ff;
                                                                                                                                								__eflags = _t69 - 2;
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									__eflags = _t69 - 3;
                                                                                                                                									if(__eflags == 0) {
                                                                                                                                										_t49 =  &(_t109[1]);
                                                                                                                                										 *_t49 = _t109[1] | 0x00000008;
                                                                                                                                										__eflags =  *_t49;
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									_t109[1] = _t109[1] | 0x00000040;
                                                                                                                                								}
                                                                                                                                								_push(0xfa0);
                                                                                                                                								_t51 =  &(_t109[3]); // -1889111348
                                                                                                                                								_t58 = E7098EEAB(_t85, _t99, _t103, _t109, __eflags);
                                                                                                                                								__eflags = _t58;
                                                                                                                                								if(_t58 == 0) {
                                                                                                                                									goto L45;
                                                                                                                                								} else {
                                                                                                                                									_t109[2] = _t109[2] | 0x00000004;
                                                                                                                                									goto L43;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							_t109[1] = _t109[1] | 0x00000080;
                                                                                                                                						}
                                                                                                                                						L43:
                                                                                                                                						_t85 = _t85 + 1;
                                                                                                                                					} while (_t85 < 3);
                                                                                                                                					SetHandleCount( *0x70998d24);
                                                                                                                                					_t59 = 0;
                                                                                                                                					goto L46;
                                                                                                                                				}
                                                                                                                                				_t71 =  *(_t116 - 0x30);
                                                                                                                                				if(_t71 == 0) {
                                                                                                                                					goto L26;
                                                                                                                                				}
                                                                                                                                				_t104 =  *_t71;
                                                                                                                                				_t86 =  &(_t71[1]);
                                                                                                                                				 *(_t116 - 0x1c) = _t86 + _t104;
                                                                                                                                				if(_t104 >= 0x800) {
                                                                                                                                					_t104 = 0x800;
                                                                                                                                				}
                                                                                                                                				_t111 = 1;
                                                                                                                                				while( *0x70998d24 < _t104) {
                                                                                                                                					_t74 = E70989222(_t90, _t111, __eflags, 0x20, 0x24);
                                                                                                                                					__eflags = _t74;
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						_t104 =  *0x70998d24;
                                                                                                                                						L17:
                                                                                                                                						 *(_t116 - 0x20) =  *(_t116 - 0x20) & 0x00000000;
                                                                                                                                						if(_t104 <= 0) {
                                                                                                                                							goto L26;
                                                                                                                                						} else {
                                                                                                                                							goto L18;
                                                                                                                                						}
                                                                                                                                						do {
                                                                                                                                							L18:
                                                                                                                                							_t96 =  *( *(_t116 - 0x1c));
                                                                                                                                							if(_t96 != 0xffffffff && _t96 != 0xfffffffe) {
                                                                                                                                								_t76 =  *_t86;
                                                                                                                                								if((_t76 & 0x00000001) == 0) {
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								if((_t76 & 0x00000008) != 0) {
                                                                                                                                									L23:
                                                                                                                                									_t115 = ( *(_t116 - 0x20) & 0x0000001f) * 0x24 + 0x70998d40[ *(_t116 - 0x20) >> 5];
                                                                                                                                									 *_t115 =  *( *(_t116 - 0x1c));
                                                                                                                                									_t115[1] =  *_t86;
                                                                                                                                									_push(0xfa0);
                                                                                                                                									_t36 =  &(_t115[3]); // 0xc
                                                                                                                                									_t58 = E7098EEAB(_t86, _t99, _t104, _t115, _t129);
                                                                                                                                									if(_t58 == 0) {
                                                                                                                                										goto L45;
                                                                                                                                									}
                                                                                                                                									_t115[2] = _t115[2] | 0x00000004;
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								_t83 = GetFileType(_t96);
                                                                                                                                								_t129 = _t83;
                                                                                                                                								if(_t83 == 0) {
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								goto L23;
                                                                                                                                							}
                                                                                                                                							L25:
                                                                                                                                							 *(_t116 - 0x20) =  *(_t116 - 0x20) + 1;
                                                                                                                                							_t86 =  &(_t86[0]);
                                                                                                                                							 *(_t116 - 0x1c) =  &(( *(_t116 - 0x1c))[1]);
                                                                                                                                						} while ( *(_t116 - 0x20) < _t104);
                                                                                                                                						goto L26;
                                                                                                                                					}
                                                                                                                                					_t90 =  &(0x70998d40[_t111]);
                                                                                                                                					 *_t90 = _t74;
                                                                                                                                					 *0x70998d24 =  *0x70998d24 + 0x20;
                                                                                                                                					_t17 =  &(_t74[0x120]); // 0x480
                                                                                                                                					_t99 = _t17;
                                                                                                                                					while(1) {
                                                                                                                                						__eflags = _t74 - _t99;
                                                                                                                                						if(_t74 >= _t99) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						_t74[1] = 0;
                                                                                                                                						 *_t74 =  *_t74 | 0xffffffff;
                                                                                                                                						_t74[1] = 0xa;
                                                                                                                                						_t74[2] = _t74[2] & 0x00000000;
                                                                                                                                						_t74[1] = 0xa;
                                                                                                                                						_t74[1] = 0xa;
                                                                                                                                						_t74 =  &(_t74[9]);
                                                                                                                                						_t99 =  &(( *_t90)[0x120]);
                                                                                                                                						__eflags = _t99;
                                                                                                                                					}
                                                                                                                                					_t111 = _t111 + 1;
                                                                                                                                					__eflags = _t111;
                                                                                                                                				}
                                                                                                                                				goto L17;
                                                                                                                                			}


























                                                                                                                                0x7098a45f
                                                                                                                                0x7098a41c
                                                                                                                                0x7098a422
                                                                                                                                0x7098a424
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098a424
                                                                                                                                0x7098a463
                                                                                                                                0x7098a463
                                                                                                                                0x7098a466
                                                                                                                                0x7098a467
                                                                                                                                0x7098a46b
                                                                                                                                0x00000000
                                                                                                                                0x7098a402
                                                                                                                                0x7098a3ab
                                                                                                                                0x7098a3b2
                                                                                                                                0x7098a3b4
                                                                                                                                0x7098a3bb
                                                                                                                                0x7098a3bb
                                                                                                                                0x7098a3e5
                                                                                                                                0x7098a3e5
                                                                                                                                0x7098a3e7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098a3c3
                                                                                                                                0x7098a3c7
                                                                                                                                0x7098a3ca
                                                                                                                                0x7098a3ce
                                                                                                                                0x7098a3d2
                                                                                                                                0x7098a3d6
                                                                                                                                0x7098a3da
                                                                                                                                0x7098a3df
                                                                                                                                0x7098a3df
                                                                                                                                0x7098a3df
                                                                                                                                0x7098a3e9
                                                                                                                                0x7098a3e9
                                                                                                                                0x7098a3e9
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 7098A30E
                                                                                                                                  • Part of subcall function 70989222: __calloc_impl.LIBCMT ref: 70989237
                                                                                                                                • GetFileType.KERNEL32(00000024), ref: 7098A41C
                                                                                                                                • GetStdHandle.KERNEL32(-000000F6), ref: 7098A4A7
                                                                                                                                • GetFileType.KERNEL32(00000000), ref: 7098A4B9
                                                                                                                                • SetHandleCount.KERNEL32 ref: 7098A512
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileHandleType$CountInfoStartup__calloc_impl
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 249809053-0
                                                                                                                                • Opcode ID: 29affc54805b2711f9906f534e41b5bff592648cc40d021fd3e4b4f1e35045ee
                                                                                                                                • Instruction ID: 56f15c4d9dbdbd0a239baf326baf2ff7e577f6e954b08d65f0454b117fd22bb4
                                                                                                                                • Opcode Fuzzy Hash: 29affc54805b2711f9906f534e41b5bff592648cc40d021fd3e4b4f1e35045ee
                                                                                                                                • Instruction Fuzzy Hash: 8661E3725183818EEB118B34C888B1EBBF9AB56324F24866ED5639B3F0D7749845D713
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E7043648F(void* __ebx, void* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				signed int _t58;
                                                                                                                                				void* _t61;
                                                                                                                                				long _t65;
                                                                                                                                				signed int _t68;
                                                                                                                                				signed int _t69;
                                                                                                                                				int* _t71;
                                                                                                                                				signed int* _t74;
                                                                                                                                				signed char _t76;
                                                                                                                                				long _t83;
                                                                                                                                				signed int _t85;
                                                                                                                                				int* _t86;
                                                                                                                                				void* _t87;
                                                                                                                                				signed int _t90;
                                                                                                                                				signed int _t91;
                                                                                                                                				void* _t96;
                                                                                                                                				signed int _t99;
                                                                                                                                				int _t102;
                                                                                                                                				void* _t103;
                                                                                                                                				int _t104;
                                                                                                                                				void** _t109;
                                                                                                                                				signed int _t111;
                                                                                                                                				void** _t115;
                                                                                                                                				void* _t116;
                                                                                                                                				void* _t117;
                                                                                                                                				void* _t123;
                                                                                                                                
                                                                                                                                				_t117 = __eflags;
                                                                                                                                				_t99 = __edx;
                                                                                                                                				_t87 = __ecx;
                                                                                                                                				_push(0x54);
                                                                                                                                				_push(0x7043c790);
                                                                                                                                				E70434970(__ebx, __edi, __esi);
                                                                                                                                				 *(_t116 - 4) = 0;
                                                                                                                                				GetStartupInfoA(_t116 - 0x64);
                                                                                                                                				 *(_t116 - 4) = 0xfffffffe;
                                                                                                                                				_push(0x24);
                                                                                                                                				_t102 = 0x20;
                                                                                                                                				_push(_t102); // executed
                                                                                                                                				_t58 = E704353B8(_t87, 0, _t117); // executed
                                                                                                                                				if(_t58 == 0) {
                                                                                                                                					L45:
                                                                                                                                					_t59 = _t58 | 0xffffffff;
                                                                                                                                					__eflags = _t58 | 0xffffffff;
                                                                                                                                					L46:
                                                                                                                                					return E704349B5(_t59);
                                                                                                                                				}
                                                                                                                                				 *0x7043f980 = _t58;
                                                                                                                                				 *0x7043f960 = _t102;
                                                                                                                                				_t4 = _t58 + 0x480; // 0x480
                                                                                                                                				_t90 = _t4;
                                                                                                                                				while(_t58 < _t90) {
                                                                                                                                					 *((char*)(_t58 + 4)) = 0;
                                                                                                                                					 *_t58 =  *_t58 | 0xffffffff;
                                                                                                                                					 *((char*)(_t58 + 5)) = 0xa;
                                                                                                                                					 *((intOrPtr*)(_t58 + 8)) = 0;
                                                                                                                                					 *((char*)(_t58 + 6)) = 0xa;
                                                                                                                                					 *((char*)(_t58 + 7)) = 0xa;
                                                                                                                                					_t58 = _t58 + 0x24;
                                                                                                                                					_t91 =  *0x7043f980; // 0xc60df8
                                                                                                                                					_t90 = _t91 + 0x480;
                                                                                                                                					__eflags = _t90;
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t116 - 0x32)) == 0) {
                                                                                                                                					L26:
                                                                                                                                					_t85 = 0;
                                                                                                                                					do {
                                                                                                                                						_t109 = _t85 * 0x24 +  *0x7043f980;
                                                                                                                                						_t61 =  *_t109;
                                                                                                                                						if(_t61 == 0xffffffff || _t61 == 0xfffffffe) {
                                                                                                                                							_t109[1] = 0x81;
                                                                                                                                							__eflags = _t85;
                                                                                                                                							if(_t85 != 0) {
                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                								_t65 =  ~(_t85 - 1) + 0xfffffff5;
                                                                                                                                								__eflags = _t65;
                                                                                                                                							} else {
                                                                                                                                								_t65 = 0xfffffff6;
                                                                                                                                							}
                                                                                                                                							_t103 = GetStdHandle(_t65);
                                                                                                                                							__eflags = _t103 - 0xffffffff;
                                                                                                                                							if(_t103 == 0xffffffff) {
                                                                                                                                								L42:
                                                                                                                                								_t54 =  &(_t109[1]);
                                                                                                                                								 *_t54 = _t109[1] | 0x00000040;
                                                                                                                                								__eflags =  *_t54;
                                                                                                                                								 *_t109 = 0xfffffffe;
                                                                                                                                								goto L43;
                                                                                                                                							} else {
                                                                                                                                								__eflags = _t103;
                                                                                                                                								if(_t103 == 0) {
                                                                                                                                									goto L42;
                                                                                                                                								}
                                                                                                                                								_t68 = GetFileType(_t103);
                                                                                                                                								__eflags = _t68;
                                                                                                                                								if(_t68 == 0) {
                                                                                                                                									goto L42;
                                                                                                                                								}
                                                                                                                                								 *_t109 = _t103;
                                                                                                                                								_t69 = _t68 & 0x000000ff;
                                                                                                                                								__eflags = _t69 - 2;
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									__eflags = _t69 - 3;
                                                                                                                                									if(__eflags == 0) {
                                                                                                                                										_t49 =  &(_t109[1]);
                                                                                                                                										 *_t49 = _t109[1] | 0x00000008;
                                                                                                                                										__eflags =  *_t49;
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									_t109[1] = _t109[1] | 0x00000040;
                                                                                                                                								}
                                                                                                                                								_push(0xfa0);
                                                                                                                                								_t51 =  &(_t109[3]); // -1883502964
                                                                                                                                								_t58 = E704396FB(_t85, _t99, _t103, _t109, __eflags);
                                                                                                                                								__eflags = _t58;
                                                                                                                                								if(_t58 == 0) {
                                                                                                                                									goto L45;
                                                                                                                                								} else {
                                                                                                                                									_t109[2] = _t109[2] | 0x00000004;
                                                                                                                                									goto L43;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							_t109[1] = _t109[1] | 0x00000080;
                                                                                                                                						}
                                                                                                                                						L43:
                                                                                                                                						_t85 = _t85 + 1;
                                                                                                                                					} while (_t85 < 3);
                                                                                                                                					SetHandleCount( *0x7043f960);
                                                                                                                                					_t59 = 0;
                                                                                                                                					goto L46;
                                                                                                                                				}
                                                                                                                                				_t71 =  *(_t116 - 0x30);
                                                                                                                                				if(_t71 == 0) {
                                                                                                                                					goto L26;
                                                                                                                                				}
                                                                                                                                				_t104 =  *_t71;
                                                                                                                                				_t86 =  &(_t71[1]);
                                                                                                                                				 *(_t116 - 0x1c) = _t86 + _t104;
                                                                                                                                				if(_t104 >= 0x800) {
                                                                                                                                					_t104 = 0x800;
                                                                                                                                				}
                                                                                                                                				_t111 = 1;
                                                                                                                                				while(1) {
                                                                                                                                					_t123 =  *0x7043f960 - _t104; // 0x20
                                                                                                                                					if(_t123 >= 0) {
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					_t74 = E704353B8(_t90, _t111, __eflags, 0x20, 0x24);
                                                                                                                                					__eflags = _t74;
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						_t104 =  *0x7043f960; // 0x20
                                                                                                                                						L17:
                                                                                                                                						 *(_t116 - 0x20) =  *(_t116 - 0x20) & 0x00000000;
                                                                                                                                						if(_t104 <= 0) {
                                                                                                                                							goto L26;
                                                                                                                                						} else {
                                                                                                                                							goto L18;
                                                                                                                                						}
                                                                                                                                						do {
                                                                                                                                							L18:
                                                                                                                                							_t96 =  *( *(_t116 - 0x1c));
                                                                                                                                							if(_t96 != 0xffffffff && _t96 != 0xfffffffe) {
                                                                                                                                								_t76 =  *_t86;
                                                                                                                                								if((_t76 & 0x00000001) == 0) {
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								if((_t76 & 0x00000008) != 0) {
                                                                                                                                									L23:
                                                                                                                                									_t115 = ( *(_t116 - 0x20) & 0x0000001f) * 0x24 + 0x7043f980[ *(_t116 - 0x20) >> 5];
                                                                                                                                									 *_t115 =  *( *(_t116 - 0x1c));
                                                                                                                                									_t115[1] =  *_t86;
                                                                                                                                									_push(0xfa0);
                                                                                                                                									_t36 =  &(_t115[3]); // 0xc
                                                                                                                                									_t58 = E704396FB(_t86, _t99, _t104, _t115, _t129);
                                                                                                                                									if(_t58 == 0) {
                                                                                                                                										goto L45;
                                                                                                                                									}
                                                                                                                                									_t115[2] = _t115[2] | 0x00000004;
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								_t83 = GetFileType(_t96);
                                                                                                                                								_t129 = _t83;
                                                                                                                                								if(_t83 == 0) {
                                                                                                                                									goto L25;
                                                                                                                                								}
                                                                                                                                								goto L23;
                                                                                                                                							}
                                                                                                                                							L25:
                                                                                                                                							 *(_t116 - 0x20) =  *(_t116 - 0x20) + 1;
                                                                                                                                							_t86 =  &(_t86[0]);
                                                                                                                                							 *(_t116 - 0x1c) =  &(( *(_t116 - 0x1c))[1]);
                                                                                                                                						} while ( *(_t116 - 0x20) < _t104);
                                                                                                                                						goto L26;
                                                                                                                                					}
                                                                                                                                					_t90 =  &(0x7043f980[_t111]);
                                                                                                                                					 *_t90 = _t74;
                                                                                                                                					 *0x7043f960 =  *0x7043f960 + 0x20;
                                                                                                                                					_t17 =  &(_t74[0x120]); // 0x480
                                                                                                                                					_t99 = _t17;
                                                                                                                                					while(1) {
                                                                                                                                						__eflags = _t74 - _t99;
                                                                                                                                						if(_t74 >= _t99) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						_t74[1] = 0;
                                                                                                                                						 *_t74 =  *_t74 | 0xffffffff;
                                                                                                                                						_t74[1] = 0xa;
                                                                                                                                						_t74[2] = _t74[2] & 0x00000000;
                                                                                                                                						_t74[1] = 0xa;
                                                                                                                                						_t74[1] = 0xa;
                                                                                                                                						_t74 =  &(_t74[9]);
                                                                                                                                						_t99 =  &(( *_t90)[0x120]);
                                                                                                                                						__eflags = _t99;
                                                                                                                                					}
                                                                                                                                					_t111 = _t111 + 1;
                                                                                                                                					__eflags = _t111;
                                                                                                                                				}
                                                                                                                                				goto L17;
                                                                                                                                			}




























                                                                                                                                0x00000000
                                                                                                                                0x70436598
                                                                                                                                0x70436598
                                                                                                                                0x7043659b
                                                                                                                                0x704365a0
                                                                                                                                0x704365a7
                                                                                                                                0x704365ab
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704365af
                                                                                                                                0x704365bc
                                                                                                                                0x704365ca
                                                                                                                                0x704365d6
                                                                                                                                0x704365da
                                                                                                                                0x704365dd
                                                                                                                                0x704365e2
                                                                                                                                0x704365e6
                                                                                                                                0x704365ef
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704365f5
                                                                                                                                0x00000000
                                                                                                                                0x704365f5
                                                                                                                                0x704365b2
                                                                                                                                0x704365b8
                                                                                                                                0x704365ba
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704365ba
                                                                                                                                0x704365f9
                                                                                                                                0x704365f9
                                                                                                                                0x704365fc
                                                                                                                                0x704365fd
                                                                                                                                0x70436601
                                                                                                                                0x00000000
                                                                                                                                0x70436598
                                                                                                                                0x70436541
                                                                                                                                0x70436548
                                                                                                                                0x7043654a
                                                                                                                                0x70436551
                                                                                                                                0x70436551
                                                                                                                                0x7043657b
                                                                                                                                0x7043657b
                                                                                                                                0x7043657d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70436559
                                                                                                                                0x7043655d
                                                                                                                                0x70436560
                                                                                                                                0x70436564
                                                                                                                                0x70436568
                                                                                                                                0x7043656c
                                                                                                                                0x70436570
                                                                                                                                0x70436575
                                                                                                                                0x70436575
                                                                                                                                0x70436575
                                                                                                                                0x7043657f
                                                                                                                                0x7043657f
                                                                                                                                0x7043657f
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 704364A4
                                                                                                                                  • Part of subcall function 704353B8: __calloc_impl.LIBCMT ref: 704353CD
                                                                                                                                • GetFileType.KERNEL32(00000024), ref: 704365B2
                                                                                                                                • GetStdHandle.KERNEL32(-000000F6), ref: 7043663D
                                                                                                                                • GetFileType.KERNEL32(00000000), ref: 7043664F
                                                                                                                                • SetHandleCount.KERNEL32 ref: 704366A8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileHandleType$CountInfoStartup__calloc_impl
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 249809053-0
                                                                                                                                • Opcode ID: 774157e7392515b3947f988bcc76323e2c52608677610bb67f8cf43ab2bbcc23
                                                                                                                                • Instruction ID: d57c94adec49683de3c1dac62a29ebeaedf678d0b524935e17f22ab33d0fe9e9
                                                                                                                                • Opcode Fuzzy Hash: 774157e7392515b3947f988bcc76323e2c52608677610bb67f8cf43ab2bbcc23
                                                                                                                                • Instruction Fuzzy Hash: 91610472504742AEDB118B28C98570DFBF4AF09324FA6E66DD467BB2F4D738D8068B11
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 302 70989af7-70989b03 303 70989b1e-70989b3c call 7098ec1d call 70989d45 call 7098998e 302->303 304 70989b05-70989b12 call 7098e969 302->304 314 70989b41-70989b45 303->314 304->303 309 70989b14-70989b1d 304->309 309->303 315 70989b7d-70989b7e 314->315 316 70989b47-70989b5e call 70989a4e 314->316 319 70989b7b 316->319 320 70989b60-70989b6d call 7098e969 316->320 319->315 320->319 323 70989b6f-70989b73 320->323 323->319
                                                                                                                                C-Code - Quality: 57%
                                                                                                                                			E70989AF7(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                				void* __ebp;
                                                                                                                                				intOrPtr _t3;
                                                                                                                                				void* _t4;
                                                                                                                                
                                                                                                                                				_t20 = __esi;
                                                                                                                                				_t19 = __edi;
                                                                                                                                				_t12 = __ebx;
                                                                                                                                				_t21 =  *0x70998e50;
                                                                                                                                				if( *0x70998e50 != 0) {
                                                                                                                                					_push(0x70998e50);
                                                                                                                                					if(E7098E969(__ebx, __edi, __esi, _t21) != 0) {
                                                                                                                                						 *0x70998e50(_a4);
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				E7098EC1D();
                                                                                                                                				_t3 = E70989D45();
                                                                                                                                				 *0x70998e44 = _t3;
                                                                                                                                				 *0x70998e48 = _t3; // executed
                                                                                                                                				_t4 = E7098998E(0x70981184, 0x70981198); // executed
                                                                                                                                				if(_t4 != 0) {
                                                                                                                                					return _t4;
                                                                                                                                				}
                                                                                                                                				E70989A4E(0x7098116c, 0x70981180);
                                                                                                                                				_t24 =  *0x70998e58;
                                                                                                                                				if( *0x70998e58 != 0) {
                                                                                                                                					_push(0x70998e58);
                                                                                                                                					if(E7098E969(_t12, _t19, _t20, _t24) != 0) {
                                                                                                                                						 *0x70998e58(0, 2, 0);
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return 0;
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • __initp_misc_cfltcvt_tab.LIBCMT ref: 70989B1E
                                                                                                                                • __initterm_e.LIBCMT ref: 70989B3C
                                                                                                                                • __initterm.LIBCMT ref: 70989B51
                                                                                                                                  • Part of subcall function 7098E969: __FindPESection.LIBCMT ref: 7098E990
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FindSection__initp_misc_cfltcvt_tab__initterm__initterm_e
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1045579342-0
                                                                                                                                • Opcode ID: 8afcb409ba73965e8b967c7c7e465c4ecf98d3df33110b9c53d541569256435a
                                                                                                                                • Instruction ID: 6d1415af2ab5257341eca6a64bbfc8ef7027aba88164cbfa0e2580f050071ebf
                                                                                                                                • Opcode Fuzzy Hash: 8afcb409ba73965e8b967c7c7e465c4ecf98d3df33110b9c53d541569256435a
                                                                                                                                • Instruction Fuzzy Hash: F7F0A472228205AEDB1027F1AD29B1F73599BC065EF24052FF50AA87D0DFB1A8409503
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 334 7098ab3f-7098ab61 HeapCreate 335 7098ab63-7098ab66 334->335 336 7098ab67-7098ab74 call 7098aadd 334->336 339 7098ab9a-7098ab9e 336->339 340 7098ab76-7098ab83 call 7098da8a 336->340 340->339 343 7098ab85-7098ab98 HeapDestroy 340->343 343->335
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E7098AB3F(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr _a4) {
                                                                                                                                				void* _t6;
                                                                                                                                				intOrPtr _t7;
                                                                                                                                				void* _t10;
                                                                                                                                				intOrPtr _t15;
                                                                                                                                
                                                                                                                                				_t15 = __edx;
                                                                                                                                				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                				 *0x709973c4 = _t6;
                                                                                                                                				if(_t6 != 0) {
                                                                                                                                					_t7 = E7098AADD(__ebx, _t15, __edi, __eflags);
                                                                                                                                					 *0x70998d20 = _t7;
                                                                                                                                					__eflags = _t7 - 3;
                                                                                                                                					if(_t7 != 3) {
                                                                                                                                						L5:
                                                                                                                                						__eflags = 1;
                                                                                                                                						return 1;
                                                                                                                                					} else {
                                                                                                                                						_t10 = E7098DA8A(0x3f8);
                                                                                                                                						__eflags = _t10;
                                                                                                                                						if(_t10 != 0) {
                                                                                                                                							goto L5;
                                                                                                                                						} else {
                                                                                                                                							HeapDestroy( *0x709973c4);
                                                                                                                                							 *0x709973c4 =  *0x709973c4 & 0x00000000;
                                                                                                                                							goto L1;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					L1:
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,709876C7,00000001), ref: 7098AB54
                                                                                                                                • HeapDestroy.KERNEL32(?,709876C7,00000001), ref: 7098AB8B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Heap$CreateDestroy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3296620671-0
                                                                                                                                • Opcode ID: 3eaa665eeceebabfc061ee79342f70f8775dfcee6fd798ff4f28d4e44e258acd
                                                                                                                                • Instruction ID: a84b33aa3ebfd62477a922faad22cbe1446827da53e4c07cf3602b29a3f8f6df
                                                                                                                                • Opcode Fuzzy Hash: 3eaa665eeceebabfc061ee79342f70f8775dfcee6fd798ff4f28d4e44e258acd
                                                                                                                                • Instruction Fuzzy Hash: 94F0A7325783059EF3029B739D0A7293AADF780255F24047AEC0AD53D0EA30C440A602
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 324 70436cd5-70436cf7 HeapCreate 325 70436cf9-70436cfc 324->325 326 70436cfd-70436d0a call 70436c73 324->326 329 70436d30-70436d34 326->329 330 70436d0c-70436d19 call 704385b2 326->330 330->329 333 70436d1b-70436d2e HeapDestroy 330->333 333->325
                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E70436CD5(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr _a4) {
                                                                                                                                				void* _t6;
                                                                                                                                				intOrPtr _t7;
                                                                                                                                				void* _t10;
                                                                                                                                				intOrPtr _t15;
                                                                                                                                
                                                                                                                                				_t15 = __edx;
                                                                                                                                				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                				 *0x7043f02c = _t6;
                                                                                                                                				if(_t6 != 0) {
                                                                                                                                					_t7 = E70436C73(__ebx, _t15, __edi, __eflags);
                                                                                                                                					 *0x7043f95c = _t7;
                                                                                                                                					__eflags = _t7 - 3;
                                                                                                                                					if(_t7 != 3) {
                                                                                                                                						L5:
                                                                                                                                						__eflags = 1;
                                                                                                                                						return 1;
                                                                                                                                					} else {
                                                                                                                                						_t10 = E704385B2(0x3f8);
                                                                                                                                						__eflags = _t10;
                                                                                                                                						if(_t10 != 0) {
                                                                                                                                							goto L5;
                                                                                                                                						} else {
                                                                                                                                							HeapDestroy( *0x7043f02c);
                                                                                                                                							 *0x7043f02c =  *0x7043f02c & 0x00000000;
                                                                                                                                							goto L1;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					L1:
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,70433FC5,00000001), ref: 70436CEA
                                                                                                                                • HeapDestroy.KERNEL32(?,70433FC5,00000001), ref: 70436D21
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Heap$CreateDestroy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3296620671-0
                                                                                                                                • Opcode ID: 79725879191d6776b044ef4afc7c445cb745bce1962373185fc6b938527e0af6
                                                                                                                                • Instruction ID: 62fc1e80e1ddc4742b2ebbf75a744c9ded160b511bfc70936effa9cb348db1a5
                                                                                                                                • Opcode Fuzzy Hash: 79725879191d6776b044ef4afc7c445cb745bce1962373185fc6b938527e0af6
                                                                                                                                • Instruction Fuzzy Hash: D6F0E232950346BEDB051BBA9C0431DFAF8D748264F20E439E40AE91A0E62894908E24
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 356 70989222-70989243 call 709890ff 359 7098925e-70989262 356->359 360 70989245-7098924b 356->360 361 7098925d 360->361 362 7098924d-70989254 call 7098ca4d 360->362 361->359 362->361 365 70989256-7098925b call 7098ca4d 362->365 365->361
                                                                                                                                C-Code - Quality: 63%
                                                                                                                                			E70989222(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                				signed int _v8;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __ebp;
                                                                                                                                				void* _t8;
                                                                                                                                				void* _t10;
                                                                                                                                				void* _t12;
                                                                                                                                				void* _t14;
                                                                                                                                				void* _t15;
                                                                                                                                				signed int _t18;
                                                                                                                                
                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                				_push(_t14);
                                                                                                                                				_push( &_v8);
                                                                                                                                				_push(_a8);
                                                                                                                                				_push(_a4);
                                                                                                                                				_t8 = E709890FF(_t12, _t14, __esi, __eflags); // executed
                                                                                                                                				_t15 = _t8;
                                                                                                                                				if(_t15 == 0) {
                                                                                                                                					_push(__esi);
                                                                                                                                					_t18 = _v8;
                                                                                                                                					_t24 = _t18;
                                                                                                                                					if(_t18 != 0) {
                                                                                                                                						_t10 = E7098CA4D(_t24);
                                                                                                                                						_t25 = _t10;
                                                                                                                                						if(_t10 != 0) {
                                                                                                                                							 *(E7098CA4D(_t25)) = _t18;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return _t15;
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __calloc_impl
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2175177749-0
                                                                                                                                • Opcode ID: e7bb5cc7773af46a108a31c58ec10cbb5104b4fe0c1f147732f4db7f44b8841b
                                                                                                                                • Instruction ID: 06c312a0aeaf947875d2fab6c50943153cdd99ae559e503e560fa196c114147d
                                                                                                                                • Opcode Fuzzy Hash: e7bb5cc7773af46a108a31c58ec10cbb5104b4fe0c1f147732f4db7f44b8841b
                                                                                                                                • Instruction Fuzzy Hash: E6E09B77500118BBCF119A88C9017CD37BDDFC2664F150154BD15D7380D671FE0197A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 344 704353b8-704353cd call 70435295 346 704353d2-704353d9 344->346 347 704353f4-704353f8 346->347 348 704353db-704353e1 346->348 349 704353f3 348->349 350 704353e3-704353ea call 704392f6 348->350 349->347 350->349 353 704353ec-704353f1 call 704392f6 350->353 353->349
                                                                                                                                C-Code - Quality: 63%
                                                                                                                                			E704353B8(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                				signed int _v8;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __ebp;
                                                                                                                                				void* _t8;
                                                                                                                                				void* _t10;
                                                                                                                                				void* _t12;
                                                                                                                                				void* _t14;
                                                                                                                                				void* _t15;
                                                                                                                                				signed int _t18;
                                                                                                                                
                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                				_push(_t14);
                                                                                                                                				_push( &_v8);
                                                                                                                                				_push(_a8);
                                                                                                                                				_push(_a4);
                                                                                                                                				_t8 = E70435295(_t12, _t14, __esi, __eflags); // executed
                                                                                                                                				_t15 = _t8;
                                                                                                                                				if(_t15 == 0) {
                                                                                                                                					_push(__esi);
                                                                                                                                					_t18 = _v8;
                                                                                                                                					_t24 = _t18;
                                                                                                                                					if(_t18 != 0) {
                                                                                                                                						_t10 = E704392F6(_t24);
                                                                                                                                						_t25 = _t10;
                                                                                                                                						if(_t10 != 0) {
                                                                                                                                							 *(E704392F6(_t25)) = _t18;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return _t15;
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __calloc_impl
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2175177749-0
                                                                                                                                • Opcode ID: 10871ef8b2a66216de7e9351eb8150f659c6e30ac3c79d7be82c23ed125e849a
                                                                                                                                • Instruction ID: 393fd50dfb11aa35ad21884537a38b0f9e2a8e205b1b42cc51271cbb81fe01be
                                                                                                                                • Opcode Fuzzy Hash: 10871ef8b2a66216de7e9351eb8150f659c6e30ac3c79d7be82c23ed125e849a
                                                                                                                                • Instruction Fuzzy Hash: D4E09B36600118BFDB115E85DD017CFBBBDDF886A4F511058BC06F7200DA78DE0587A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 368 70435e08-70435e0e call 70435d1a 370 70435e13-70435e16 368->370
                                                                                                                                C-Code - Quality: 25%
                                                                                                                                			E70435E08() {
                                                                                                                                				void* _t1;
                                                                                                                                				void* _t2;
                                                                                                                                				void* _t3;
                                                                                                                                				void* _t4;
                                                                                                                                				void* _t7;
                                                                                                                                
                                                                                                                                				_push(1);
                                                                                                                                				_push(0);
                                                                                                                                				_push(0); // executed
                                                                                                                                				_t1 = E70435D1A(_t2, _t3, _t4, _t7); // executed
                                                                                                                                				return _t1;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • _doexit.LIBCMT ref: 70435E0E
                                                                                                                                  • Part of subcall function 70435D1A: __lock.LIBCMT ref: 70435D28
                                                                                                                                  • Part of subcall function 70435D1A: __initterm.LIBCMT ref: 70435D92
                                                                                                                                  • Part of subcall function 70435D1A: __initterm.LIBCMT ref: 70435DA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __initterm$__lock_doexit
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 480483908-0
                                                                                                                                • Opcode ID: 0064640331f06d76350917e00ec120ee5b53a5213c5aaad59ef2a7315b403877
                                                                                                                                • Instruction ID: 9c342ca10fc15658e70bf7a45a9db1a51df1a698913225b5a70669aef1b627df
                                                                                                                                • Opcode Fuzzy Hash: 0064640331f06d76350917e00ec120ee5b53a5213c5aaad59ef2a7315b403877
                                                                                                                                • Instruction Fuzzy Hash: 5EA00265BE430025F8E565602D47F5865025754F05FE45554BF183C1C0A4CA27584097
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Non-executed Functions

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000072,external/boringssl/src/crypto/fipsmodule/bn/sqrt.c,0000005A), ref: 013F1579
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/sqrt.c, xrefs: 013F156E, 013F19FF
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013F1806
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/bn/sqrt.c
                                                                                                                                • API String ID: 1767461275-1578890279
                                                                                                                                • Opcode ID: 0b9e92e67b75ca0edd0fb4023204ae963fb1a9ef9095e03e502870f793359413
                                                                                                                                • Instruction ID: 820608af39ed39d18464fbbfd7f15a14f1064665ae6c6aa3d1f04df2601655f6
                                                                                                                                • Opcode Fuzzy Hash: 0b9e92e67b75ca0edd0fb4023204ae963fb1a9ef9095e03e502870f793359413
                                                                                                                                • Instruction Fuzzy Hash: 61021775A04305EFEB219F28ED44B2BBBE5AF9034CF48851CFA59572A2E771D450CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RSA_check_key.ADB(?), ref: 0140BBE0
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 0140BBF4
                                                                                                                                • BN_num_bits.ADB(00000000), ref: 0140BC4D
                                                                                                                                • CRYPTO_once.ADB(01742B38,0141EF90), ref: 0140BC89
                                                                                                                                • BN_gcd.ADB(?,?,01742B3C,00000000), ref: 0140BC9D
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000092,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,0000034C), ref: 0140BCC7
                                                                                                                                • OPENSSL_free.ADB(?), ref: 0140BCDE
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000092,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000328), ref: 0140BD08
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 0140BD24
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000041,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000332), ref: 0140BD3C
                                                                                                                                • OPENSSL_free.ADB(?), ref: 0140BD4E
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 0140BD65
                                                                                                                                • OPENSSL_free.ADB(?), ref: 0140BD70
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140BD79
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140BDD1
                                                                                                                                • OPENSSL_malloc.ADB(-00000007), ref: 0140BDE4
                                                                                                                                • RSA_sign.ADB(000002A0,?,00000020,00000000,?,00000000), ref: 0140BE05
                                                                                                                                • RSA_verify.ADB(000002A0,?,00000020,00000000,?,00000000), ref: 0140BE1F
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000044,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000366), ref: 0140BE59
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140BE64
                                                                                                                                • BN_enhanced_miller_rabin_primality_test.ADB(?,?,00000000,00000000,00000000), ref: 0140BF1C
                                                                                                                                  • Part of subcall function 013EFDE0: ERR_put_error.ADB(00000003,00000000,00000077,external/boringssl/src/crypto/fipsmodule/bn/prime.c,0000031E), ref: 013EFE12
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_free$L_mallocN_num_bits$A_check_keyA_signA_verifyN_enhanced_miller_rabin_primality_testN_gcdO_oncesk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 3783763504-2539234119
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FD421
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002EE), ref: 013FD43D
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000012C), ref: 013FD45A
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013FD4FE
                                                                                                                                • EC_GROUP_cmp.ADB(?,00000000), ref: 013FD545
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002F7), ref: 013FD565
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000078,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000013D), ref: 013FD57D
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013FD595
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FD5A0
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD5A9
                                                                                                                                • EC_GROUP_free.ADB(00000000), ref: 013FD5BB
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD5C4
                                                                                                                                • OPENSSL_malloc.ADB(000000D0), ref: 013FD616
                                                                                                                                • CRYPTO_refcount_inc.ADB(-0000010C), ref: 013FD63A
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,000000CC), ref: 013FD658
                                                                                                                                • EC_POINT_cmp.ADB(?,00000000,00000000), ref: 013FD67E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000071,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000014B), ref: 013FD69E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002A9), ref: 013FD6DC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_free$L_mallocP_cmp$O_refcount_incP_freeT_cmpmemsetsk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/ec/ec.c$external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 500342953-1663256894
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000090,external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c,00000100,-00000007,?,?,?), ref: 0140A1B5
                                                                                                                                • BN_num_bits.ADB(?,-00000007,?,?), ref: 0140A1CA
                                                                                                                                • OPENSSL_malloc.ADB(00000018,?,-00000007,?,?), ref: 0140A1EB
                                                                                                                                • OPENSSL_realloc.ADB(00000000,00000080,?,?,-00000007,?), ref: 0140A229
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocL_reallocN_num_bitsR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c
                                                                                                                                • API String ID: 1255681542-1361718366
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_thread_local.ADB(00000000,?,013FCB1D), ref: 014207E3
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,013FCB1D), ref: 014207F8
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142081E
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420845
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142086C
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420893
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208BA
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208E1
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420908
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420932
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420968
                                                                                                                                • OPENSSL_free.ADB(?), ref: 0142099E
                                                                                                                                • OPENSSL_free.ADB(?), ref: 014209D4
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420A0A
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420A40
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420A76
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420AAC
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420AE2
                                                                                                                                • OPENSSL_malloc.ADB(0000010C,013FCB1D), ref: 01420B0F
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,0000010C,?,013FCB1D), ref: 01420B25
                                                                                                                                • CRYPTO_set_thread_local.ADB(00000000,00000000,014217D0,?,?,?,?,013FCB1D), ref: 01420B35
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_mallocO_get_thread_localO_set_thread_localmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2159928624-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000042,external/boringssl/src/crypto/fipsmodule/ec/ec.c,0000015D), ref: 013FA8BF
                                                                                                                                • BN_num_bits.ADB(?), ref: 013FA8D8
                                                                                                                                • BN_new.ADB ref: 013FA9BA
                                                                                                                                • BN_lshift1.ADB(00000000,?), ref: 013FA9CB
                                                                                                                                • BN_cmp.ADB(00000000,?), ref: 013FA9E4
                                                                                                                                • EC_POINT_new.ADB(?), ref: 013FA9F1
                                                                                                                                • EC_POINT_copy.ADB(00000000,?), ref: 013FAA03
                                                                                                                                • BN_copy.ADB(?,?), ref: 013FAA1C
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000070,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000179), ref: 013FAA57
                                                                                                                                • EC_POINT_free.ADB(00000000), ref: 013FAA64
                                                                                                                                • BN_free.ADB(00000000), ref: 013FAA6D
                                                                                                                                • BN_MONT_CTX_free.ADB(?), ref: 013FAA89
                                                                                                                                • BN_MONT_CTX_new_for_modulus.ADB(?,00000000), ref: 013FAA94
                                                                                                                                • BN_cmp.ADB(?,?), ref: 013FAAAD
                                                                                                                                • BN_sub.ADB(00000000,?,?), ref: 013FAACA
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(?), ref: 013FAAFA
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_cmpR_put_error$N_copyN_freeN_lshift1N_newN_num_bitsN_subO_refcount_dec_and_test_zeroT_copyT_freeT_newX_freeX_new_for_modulus
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2732770201-1759677748
                                                                                                                                • Opcode ID: 52733f95b1213e9aa20b916f9496f468d03a9e9e2d958c92242eb8c730507f7b
                                                                                                                                • Instruction ID: 06d953627e3729d8347d6773ad6e34546121efbe00fa7b47665bf704e9617b72
                                                                                                                                • Opcode Fuzzy Hash: 52733f95b1213e9aa20b916f9496f468d03a9e9e2d958c92242eb8c730507f7b
                                                                                                                                • Instruction Fuzzy Hash: 7861F675A04305ABFB109A38DC41B6B7BE8AF9034CF04862DFA4DA7291E771D945CB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 013FDD07
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000001AA), ref: 013FDD34
                                                                                                                                • OPENSSL_malloc.ADB(00000058), ref: 013FDD48
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000041,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000005A), ref: 013FDE14
                                                                                                                                • OPENSSL_malloc.ADB(000000D0), ref: 013FDE2D
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FDE4F
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,000000CC), ref: 013FDE68
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FDEA7
                                                                                                                                • EC_GROUP_free.ADB(?), ref: 013FDEBB
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FDEC4
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002A9), ref: 013FDEFA
                                                                                                                                • EC_GROUP_free.ADB ref: 013FDF0A
                                                                                                                                • OPENSSL_free.ADB ref: 013FDF15
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FDF1E
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$R_put_error$L_mallocP_free$N_num_bitsO_refcount_incmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c$external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 3985373344-1377655820
                                                                                                                                • Opcode ID: 9c72c1bf2aeb3209a7536ef9466902c84357013461dbfb828d2889d705c994e6
                                                                                                                                • Instruction ID: 95a227f1ba12d069c6b32952ac566688f7b6ee7a1f7779304f839291dc42157f
                                                                                                                                • Opcode Fuzzy Hash: 9c72c1bf2aeb3209a7536ef9466902c84357013461dbfb828d2889d705c994e6
                                                                                                                                • Instruction Fuzzy Hash: 67518DB16403019FE720AF55DC49F577BA4AF20B08F45406DEA095F2A2E3B6E558CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742A2C,013FA4A0), ref: 013FAC65
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_read.ADB(017287C0), ref: 013FACA7
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(017287C0), ref: 013FACBB
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013FACCD
                                                                                                                                • BN_bin2bn.ADB(00000000,00000000,00000000), ref: 013FAD27
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FAF50, 013FAFA1
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013FAF38
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocN_bin2bnO_onceX_lock_readX_unlock_read
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1997066980-4021196227
                                                                                                                                • Opcode ID: 2d1a76ba07342ecebe6b975de15ae626df074305256785f0852c388a4ece0b97
                                                                                                                                • Instruction ID: 46b7302e7cab837e725fd6be81a9d23d42fc44f231e9ad7b5f9d3ffc2169ae4b
                                                                                                                                • Opcode Fuzzy Hash: 2d1a76ba07342ecebe6b975de15ae626df074305256785f0852c388a4ece0b97
                                                                                                                                • Instruction Fuzzy Hash: 294126F5A443055BE720AF56EC42B1BB7A4AFA070CF45402DFE4C2B393E7B1A6158792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/sqrt.c
                                                                                                                                • API String ID: 0-507451178
                                                                                                                                • Opcode ID: 64623941c4ea4df48116d3a350a019603f0c83c05d9da57cfd25f39be9f72b2a
                                                                                                                                • Instruction ID: d10bfab7cef899bd571df2783e7b0c5e5db8a316d29aae84eca1cb795f824905
                                                                                                                                • Opcode Fuzzy Hash: 64623941c4ea4df48116d3a350a019603f0c83c05d9da57cfd25f39be9f72b2a
                                                                                                                                • Instruction Fuzzy Hash: 0761C875604306EFE7209F199C59B2BB7E8AF5075CF49842CFE4A9B281E774D900CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_read.ADB(?,00000000,00000000,-00000020,?,?,013FCEF5,017287C4,00000000,-00000020), ref: 01531757
                                                                                                                                • sk_num.ADB(00000000,-00000020), ref: 01531762
                                                                                                                                • sk_dup.ADB(00000000,?,-00000020), ref: 01531771
                                                                                                                                  • Part of subcall function 01424AF0: OPENSSL_malloc.ADB(00000014,?,-00000020,?,?,01531776,00000000,?,-00000020), ref: 01424B07
                                                                                                                                  • Part of subcall function 01424AF0: OPENSSL_malloc.ADB(00000010,00000000), ref: 01424B3D
                                                                                                                                  • Part of subcall function 01424AF0: OPENSSL_realloc.ADB(?,?,?,00000000), ref: 01424B7B
                                                                                                                                  • Part of subcall function 01424AF0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,?,?,?,00000000), ref: 01424B9C
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(?,?,?,-00000020), ref: 0153177C
                                                                                                                                • ERR_put_error.ADB(0000000E,00000000,00000041,external/boringssl/src/crypto/ex_data.c,000000DD,?,?,?,-00000020), ref: 01531798
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(?,?,-00000020), ref: 015317A6
                                                                                                                                • sk_num.ADB(00000000,?,?,-00000020), ref: 015317B1
                                                                                                                                • sk_num.ADB(00000000,?,?,?,?,?,-00000020), ref: 015317F4
                                                                                                                                • sk_value.ADB(00000000,00000000,?,?,?,-00000020), ref: 01531802
                                                                                                                                • sk_num.ADB(?,?,?,?,?,?,?,?,?,-00000020), ref: 01531827
                                                                                                                                • sk_value.ADB(?,00000000,?,?,?,?,?,?,?,?,?,-00000020), ref: 0153183A
                                                                                                                                • sk_free.ADB(00000000,?,?,?,-00000020), ref: 01531847
                                                                                                                                • sk_free.ADB(?,?,?,?,?,-00000020), ref: 01531855
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/ex_data.c, xrefs: 0153178D
                                                                                                                                Similarity
                                                                                                                                • API ID: sk_num$L_mallocX_unlock_readsk_freesk_value$L_reallocR_put_errorX_lock_readmemcpysk_dup
                                                                                                                                • String ID: external/boringssl/src/crypto/ex_data.c
                                                                                                                                • API String ID: 37590746-3791220694
                                                                                                                                • Opcode ID: 5f29b3621af033612c203002a091f90d9981ceddaff787e54ff945aa53e4297d
                                                                                                                                • Instruction ID: ed8f35ebef78fa5f23da116015619cd096f5ed3814afb50b5a7286efd986dfd8
                                                                                                                                • Opcode Fuzzy Hash: 5f29b3621af033612c203002a091f90d9981ceddaff787e54ff945aa53e4297d
                                                                                                                                • Instruction Fuzzy Hash: AA313BF19006116BE6116A36ECC1B1B7BD4FFB4188F0C0439FA8A5B562F671E990C7A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140905C
                                                                                                                                • BN_num_bits.ADB(?), ref: 01409080
                                                                                                                                • OPENSSL_malloc.ADB(-00000007), ref: 01409107
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_malloc.ADB(31000000), ref: 01408B49
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_free.ADB(?), ref: 01408B5F
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_cleanse.ADB(?,?), ref: 01408BC3
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_cleanse.ADB(?,?), ref: 01408C19
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000071,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,00000212), ref: 01409285
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 01409292
                                                                                                                                • OPENSSL_free.ADB(?), ref: 0140929E
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000008B,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,0000022D), ref: 014092D8
                                                                                                                                • EVP_DigestInit_ex.ADB(?,?), ref: 014092EF
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 0140935E
                                                                                                                                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 01409374
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000069,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,0000023C), ref: 01409390
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_cleanseL_freeR_put_error$L_mallocN_num_bits$DigestInit_exmallocmemcmp
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/padding.c
                                                                                                                                • API String ID: 1640542325-2078984126
                                                                                                                                • Opcode ID: e946afae1e7fd0531c091a15c4b0a41b8c3e99509d9fb680074c690a3903b392
                                                                                                                                • Instruction ID: d8844c9a5c9cd5ece27b57a2c7fe78ab9db6cdc6731def3b4dc524ca50bf5911
                                                                                                                                • Opcode Fuzzy Hash: e946afae1e7fd0531c091a15c4b0a41b8c3e99509d9fb680074c690a3903b392
                                                                                                                                • Instruction Fuzzy Hash: BFB11771A083019BD7118F2ACC41A6BB7E5BFD4318F044A2EFA99672E3D771E945C782
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(831051FF), ref: 01402909
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01402920
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 0140296D
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 0140298A
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000080), ref: 014029AF
                                                                                                                                • OPENSSL_malloc.ADB(831051FF), ref: 01402A46
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01402A5B
                                                                                                                                • OPENSSL_malloc.ADB(831051FF), ref: 01402B17
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01402B28
                                                                                                                                • EVP_MD_CTX_copy_ex.ADB(?,?), ref: 01402B5F
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 01402B82
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 01402B77
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_malloc$L_cleanseR_put_errorX_copy_exmemcpymemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 3437616834-820803757
                                                                                                                                • Opcode ID: f5d9ca8af20002ce1d0d4788377444e4d4c6c4095b34431500973abe166208be
                                                                                                                                • Instruction ID: ad16d50429966dd7dabf9cf172761ec6c7c0acd4f149635873650c024730835f
                                                                                                                                • Opcode Fuzzy Hash: f5d9ca8af20002ce1d0d4788377444e4d4c6c4095b34431500973abe166208be
                                                                                                                                • Instruction Fuzzy Hash: 94A1B570848BC5A7EB235F2DD846BE6F3B4BFA4215F044725EE8412161F732A6D6C782
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(000000D0), ref: 013FBA60
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FBA7B
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000004,00000000,000000CC), ref: 013FBA94
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FBA9F
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002CA), ref: 013FBABB
                                                                                                                                • EC_GROUP_free.ADB(00000000), ref: 013FBAC5
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FBACE
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002A9), ref: 013FBAF6
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FBB16
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000048,?,00000044), ref: 013FBB28
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-0000008C,?,00000044), ref: 013FBB41
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$R_put_error$L_freeL_mallocO_refcount_incP_cmpP_freemallocmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1605379197-1759677748
                                                                                                                                • Opcode ID: 5f2a90b524ec3559c136be5230e28e76d486d868f384001cabaf0c0a9c4fadb7
                                                                                                                                • Instruction ID: f1502be71701d6cd1dae6831fc9366bd9cfad3afb7879f19f64049ac22d84ea5
                                                                                                                                • Opcode Fuzzy Hash: 5f2a90b524ec3559c136be5230e28e76d486d868f384001cabaf0c0a9c4fadb7
                                                                                                                                • Instruction Fuzzy Hash: 1B212CF2B403067BFA20AA55EC87F57765C9F7074CF040038FB095A1C9F5B2D51886A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 72%
                                                                                                                                			E7043564A(void* __edx) {
                                                                                                                                				signed int _v8;
                                                                                                                                				signed int _v12;
                                                                                                                                				char _v16;
                                                                                                                                				signed int _v20;
                                                                                                                                				void* _v24;
                                                                                                                                				intOrPtr _v28;
                                                                                                                                				long _v32;
                                                                                                                                				struct _MEMORY_BASIC_INFORMATION _v60;
                                                                                                                                				struct _SYSTEM_INFO _v96;
                                                                                                                                				void* _v108;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				signed int _t40;
                                                                                                                                				void* _t43;
                                                                                                                                				void* _t44;
                                                                                                                                				void* _t48;
                                                                                                                                				signed int _t54;
                                                                                                                                				struct HINSTANCE__* _t62;
                                                                                                                                				_Unknown_base(*)()* _t63;
                                                                                                                                				long _t65;
                                                                                                                                				intOrPtr _t67;
                                                                                                                                				void* _t68;
                                                                                                                                				long _t73;
                                                                                                                                				void* _t78;
                                                                                                                                				signed int _t83;
                                                                                                                                				void* _t84;
                                                                                                                                
                                                                                                                                				_t72 = __edx;
                                                                                                                                				_t40 =  *0x7043e060; // 0x4d88bf16
                                                                                                                                				_v8 = _t40 ^ _t83;
                                                                                                                                				_t78 = 0;
                                                                                                                                				_v16 = 0;
                                                                                                                                				_t43 = E70435C06( &_v16);
                                                                                                                                				_pop(_t68);
                                                                                                                                				if(_t43 != 0) {
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					E7043930E(_t67, _t68, __edx, _t73, 0);
                                                                                                                                					_t84 = _t84 + 0x14;
                                                                                                                                				}
                                                                                                                                				_t44 = 4;
                                                                                                                                				E704393D0(_t44);
                                                                                                                                				_v24 = _t84;
                                                                                                                                				if(VirtualQuery(_v24,  &_v60, 0x1c) == 0) {
                                                                                                                                					L21:
                                                                                                                                					_t48 = 0;
                                                                                                                                					L22:
                                                                                                                                					return E704347BF(_t48, _t67, _v8 ^ _t83, _t72, _t73, _t78);
                                                                                                                                				}
                                                                                                                                				_v28 = _v60.AllocationBase;
                                                                                                                                				GetSystemInfo( &_v96);
                                                                                                                                				_t67 = _v96.dwPageSize;
                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                				_t73 = ( ~(_v16 - 1) & 0x00000103) + 1;
                                                                                                                                				_v12 = _t78;
                                                                                                                                				if(_v16 != 2) {
                                                                                                                                					L10:
                                                                                                                                					_t78 = _t67 - 1;
                                                                                                                                					if(E7043561E(_v12, _t78,  &_v12) < 0) {
                                                                                                                                						goto L21;
                                                                                                                                					}
                                                                                                                                					_t78 =  !_t78;
                                                                                                                                					_t23 =  &_v12;
                                                                                                                                					 *_t23 = _v12 & _t78;
                                                                                                                                					if( *_t23 == 0 || E7043561E(_v12, _t67,  &_v12) >= 0) {
                                                                                                                                						_t54 = _t67 + _t67;
                                                                                                                                						if(_v12 < _t54) {
                                                                                                                                							_v12 = _t54;
                                                                                                                                						}
                                                                                                                                						_t78 = ( !(_t67 - 1) & _v24) - _v12;
                                                                                                                                						if(_v16 == 1) {
                                                                                                                                							_t67 = 0x11;
                                                                                                                                						}
                                                                                                                                						if(_t78 < _t67 || VirtualAlloc(_t78, _v12, 0x1000, 4) == 0 || VirtualProtect(_t78, _v12, _t73,  &_v32) == 0) {
                                                                                                                                							goto L21;
                                                                                                                                						} else {
                                                                                                                                							_t48 = 1;
                                                                                                                                							goto L22;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						goto L21;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				_v20 = _t78;
                                                                                                                                				_t62 = GetModuleHandleW(L"kernelbase.dll");
                                                                                                                                				if(_t62 != 0) {
                                                                                                                                					L6:
                                                                                                                                					_t63 = GetProcAddress(_t62, "SetThreadStackGuarantee");
                                                                                                                                					if(_t63 != 0) {
                                                                                                                                						_v20 = _v20 & 0x00000000;
                                                                                                                                						_push( &_v20);
                                                                                                                                						if( *_t63() == 1) {
                                                                                                                                							_t65 = _v20;
                                                                                                                                							if(_t65 > 0) {
                                                                                                                                								_v12 = _t65;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L10;
                                                                                                                                				}
                                                                                                                                				_t62 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                				if(_t62 == 0) {
                                                                                                                                					goto L10;
                                                                                                                                				}
                                                                                                                                				goto L6;
                                                                                                                                			}































                                                                                                                                APIs
                                                                                                                                • __get_wpgmptr.LIBCMT ref: 70435668
                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 70435693
                                                                                                                                • GetSystemInfo.KERNEL32(?), ref: 704356AB
                                                                                                                                • GetModuleHandleW.KERNEL32(kernelbase.dll), ref: 704356DA
                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 704356E5
                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 704356F1
                                                                                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 70435779
                                                                                                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 7043578C
                                                                                                                                  • Part of subcall function 7043930E: OutputDebugStringA.KERNEL32(Invalid parameter passed to C runtime function.), ref: 704393A2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Virtual$HandleModule$AddressAllocDebugInfoOutputProcProtectQueryStringSystem__get_wpgmptr
                                                                                                                                • String ID: SetThreadStackGuarantee$kernel32.dll$kernelbase.dll
                                                                                                                                • API String ID: 2360367170-621517
                                                                                                                                • Opcode ID: 5d0d1eb65228065661d29e6f77ad3ec0c2cb58d338a2967a11edaf6e0be6bd22
                                                                                                                                • Instruction ID: 9f0f309bed9cd35271233cc9e14cec502c12766f97bc531c49cfe514d8434b8d
                                                                                                                                • Opcode Fuzzy Hash: 5d0d1eb65228065661d29e6f77ad3ec0c2cb58d338a2967a11edaf6e0be6bd22
                                                                                                                                • Instruction Fuzzy Hash: 3E415072E00119EBDB01DBA1CD45ADEFFB9AF08754F901069E916F7250E7389A45CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(000000D0), ref: 013FD806
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FD825
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,000000CC), ref: 013FD83C
                                                                                                                                • EC_POINT_set_affine_coordinates_GFp.ADB(?,00000000,?,?), ref: 013FD84C
                                                                                                                                • EC_KEY_set_public_key.ADB(?,00000000), ref: 013FD85C
                                                                                                                                • EC_KEY_check_key.ADB(?), ref: 013FD869
                                                                                                                                • EC_GROUP_free.ADB(00000000), ref: 013FD87A
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD883
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000017A), ref: 013FD89D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FD8B3
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec_key.c, xrefs: 013FD892
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocO_refcount_incP_freeR_put_errorT_set_affine_coordinates_Y_check_keyY_set_public_keymallocmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c$external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 1122203723-1377655820
                                                                                                                                • Opcode ID: 664706d6caa1708141481425c0fae0f3de7b8d250bfce961f4626edc9704f296
                                                                                                                                • Instruction ID: 071f4077e32b8e6562ae2995ede69c039ed33827384962d0c5ee1f1cedc187ed
                                                                                                                                • Opcode Fuzzy Hash: 664706d6caa1708141481425c0fae0f3de7b8d250bfce961f4626edc9704f296
                                                                                                                                • Instruction Fuzzy Hash: FC11B7F17403026BF6217EE9AC49F673D6CAF70A4DF04003DFB0D56191F6A1D51981A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_BUFFER_len.ADB(?), ref: 013D58CB
                                                                                                                                • ASN1_item_new.ADB(?), ref: 013D58DC
                                                                                                                                • CRYPTO_BUFFER_data.ADB(?), ref: 013D58F5
                                                                                                                                • CRYPTO_BUFFER_len.ADB(?), ref: 013D5905
                                                                                                                                • ASN1_item_d2i.ADB(?,?,00000000,?), ref: 013D591B
                                                                                                                                • CRYPTO_BUFFER_data.ADB(?), ref: 013D592E
                                                                                                                                • CRYPTO_BUFFER_len.ADB(?), ref: 013D5939
                                                                                                                                • CRYPTO_BUFFER_up_ref.ADB(?), ref: 013D5946
                                                                                                                                  • Part of subcall function 01521F30: CRYPTO_refcount_inc.ADB(?,013D594B,?), ref: 01521F38
                                                                                                                                • ERR_put_error.ADB(00000010,00000000,00000045,external/boringssl/src/crypto/x509/x_x509.c,0000009C), ref: 013D5963
                                                                                                                                • ASN1_item_free.ADB(?,?), ref: 013D5976
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/x509/x_x509.c, xrefs: 013D5958
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_len$R_data$N1_item_d2iN1_item_freeN1_item_newO_refcount_incR_put_errorR_up_ref
                                                                                                                                • String ID: external/boringssl/src/crypto/x509/x_x509.c
                                                                                                                                • API String ID: 1886072032-1906900934
                                                                                                                                • Opcode ID: 5d7bba055a2440f593dbd113669a230d1955dc92f28e13c6358a3ed2e5e9ff4b
                                                                                                                                • Instruction ID: 6517d6237c643d713177301e27a50e9283b28bf2ec07150c0e1aa4ef82a2375d
                                                                                                                                • Opcode Fuzzy Hash: 5d7bba055a2440f593dbd113669a230d1955dc92f28e13c6358a3ed2e5e9ff4b
                                                                                                                                • Instruction Fuzzy Hash: C611C8E7E0031267E21076357C82E3F79A85BF3998F080039F95A9A282F771F91491B3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006D,external/boringssl/src/crypto/fipsmodule/bn/div.c,000001CF), ref: 013E2B1B
                                                                                                                                • OPENSSL_realloc.ADB(?,?), ref: 013E2BF3
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E2C4E
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E2C6E
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E2C7C
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 013E2D01
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 013E2D32
                                                                                                                                • BN_copy.ADB(?,00000000), ref: 013E2F9B
                                                                                                                                • BN_copy.ADB(?,?), ref: 013E2FB8
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_get$N_copymemset$L_reallocR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/div.c
                                                                                                                                • API String ID: 949381162-970073626
                                                                                                                                • Opcode ID: 5dcdc16c512b159dd0befe943335ab892e487d946fa029704624d4c942d0babc
                                                                                                                                • Instruction ID: be7676628dc3e76cad449aed9ed62cba9ecef0683fd34a300ec7bd4a1e6ba209
                                                                                                                                • Opcode Fuzzy Hash: 5dcdc16c512b159dd0befe943335ab892e487d946fa029704624d4c942d0babc
                                                                                                                                • Instruction Fuzzy Hash: 4EE1C471A043158FDB11CF28C884B1BBBE9BFC5358F198A2CE99997391E771E841CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(0000000C,?,?,013D59D5,017287B4,?,?,?,?), ref: 015315A4
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_write.ADB(?), ref: 015315CB
                                                                                                                                • sk_new_null.ADB ref: 015315DA
                                                                                                                                  • Part of subcall function 014244E0: OPENSSL_malloc.ADB(00000014,00000000,015315DF), ref: 014244E3
                                                                                                                                  • Part of subcall function 014244E0: OPENSSL_malloc.ADB(00000010), ref: 01424515
                                                                                                                                • sk_push.ADB(?,00000000), ref: 015315E8
                                                                                                                                • sk_num.ADB(?), ref: 015315FB
                                                                                                                                • ERR_put_error.ADB(0000000E,00000000,00000041,external/boringssl/src/crypto/ex_data.c,0000008A), ref: 01531624
                                                                                                                                • ERR_put_error.ADB(0000000E,00000000,00000041,external/boringssl/src/crypto/ex_data.c,0000009A), ref: 01531640
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 01531649
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_write.ADB(?), ref: 01531654
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_malloc$R_put_error$L_freeX_lock_writeX_unlock_writemallocsk_new_nullsk_numsk_push
                                                                                                                                • String ID: external/boringssl/src/crypto/ex_data.c
                                                                                                                                • API String ID: 764249877-3791220694
                                                                                                                                • Opcode ID: e001a4b686a71aa52eae81441c3d5046b13f75dbeba3f0f2de07b9497105ecf7
                                                                                                                                • Instruction ID: a227c0eba4f7b3ddb7c4d42bea812670c68e884e1f5598fa9301672eb7337d7f
                                                                                                                                • Opcode Fuzzy Hash: e001a4b686a71aa52eae81441c3d5046b13f75dbeba3f0f2de07b9497105ecf7
                                                                                                                                • Instruction Fuzzy Hash: E71129F5A4072267E620AA65AC41F1BB7D0BFB0640F48443EF94EAB691F670E440C6A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000010), ref: 013D31E4
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 013D3249
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000007D,external/boringssl/src/crypto/evp/evp.c,00000175), ref: 013D32B1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000080,external/boringssl/src/crypto/evp/evp.c,00000147), ref: 013D32CE
                                                                                                                                • ERR_add_error_dataf.ADB(algorithm %d,?), ref: 013D32DC
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(00000000), ref: 013D32E5
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013D3316
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_freeL_mallocO_refcount_dec_and_test_zeroR_add_error_datafmalloc
                                                                                                                                • String ID: algorithm %d$external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 143220537-1871829391
                                                                                                                                • Opcode ID: 47c0b15b1bb8ff1b13097f8804410ae1d22447be7e3377189c327b2eb6a4f229
                                                                                                                                • Instruction ID: aa6d49b34858c4223b767ca88bf92770dadf41f7fb0b2267fe3095bae4e763f0
                                                                                                                                • Opcode Fuzzy Hash: 47c0b15b1bb8ff1b13097f8804410ae1d22447be7e3377189c327b2eb6a4f229
                                                                                                                                • Instruction Fuzzy Hash: F431E4F2B80311ABFB219A1DEC05F5B3AA47B50718F058029F6099B2A1DBB1E845C753
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000010), ref: 013D3094
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 013D30F9
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000007D,external/boringssl/src/crypto/evp/evp.c,0000015D), ref: 013D3161
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000080,external/boringssl/src/crypto/evp/evp.c,00000147), ref: 013D317E
                                                                                                                                • ERR_add_error_dataf.ADB(algorithm %d,?), ref: 013D318C
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(00000000), ref: 013D3195
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013D31C6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_freeL_mallocO_refcount_dec_and_test_zeroR_add_error_datafmalloc
                                                                                                                                • String ID: algorithm %d$external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 143220537-1871829391
                                                                                                                                • Opcode ID: b3a05bdfcef20951131c7d739458da330b62ea1c57050383dc8f2e58e8cfcf7f
                                                                                                                                • Instruction ID: 890526a46eb66481486de485202f2663d605162f529862841655ced7ae276caf
                                                                                                                                • Opcode Fuzzy Hash: b3a05bdfcef20951131c7d739458da330b62ea1c57050383dc8f2e58e8cfcf7f
                                                                                                                                • Instruction Fuzzy Hash: 5531E6F27843125BE721AA2AFC06F5B3AB47B50708F058029F60A5B2E1D7B5E951C753
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 013FA6B7
                                                                                                                                • CRYPTO_once.ADB(01742AB0,014007D0), ref: 013FA6E4
                                                                                                                                • OPENSSL_malloc.ADB(00000158), ref: 013FA6FE
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,00000154), ref: 013FA71B
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000042,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000119), ref: 013FA7A4
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FA7B4
                                                                                                                                • EC_GROUP_free.ADB(00000000), ref: 013FA7D4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocN_num_bitsO_onceP_freeR_put_errormemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1374295890-1759677748
                                                                                                                                • Opcode ID: 58f1877c05ecee6a150f06813c3271df908d3131919d6a34081d81c93d10b31f
                                                                                                                                • Instruction ID: 64da7f7cfa09fa75ff22c3c01f0a9c46f9d3301ee69af66a00117d0c1c292895
                                                                                                                                • Opcode Fuzzy Hash: 58f1877c05ecee6a150f06813c3271df908d3131919d6a34081d81c93d10b31f
                                                                                                                                • Instruction Fuzzy Hash: 2721F4B178030177F6341A45EC46F977AA46B60B0CF04442DFB0FABAD2D3F9A18986D6
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_new_method.ADB(00000000), ref: 013FD04E
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_malloc.ADB(00000024,?,?,013FCE37,00000000), ref: 013FCE44
                                                                                                                                  • Part of subcall function 013FCE40: ENGINE_get_ECDSA_method.ADB(?,?,?,?,?,?,?,?,00000000), ref: 013FCE9F
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_new_ex_data.ADB(-00000020,?,?,?,?,?,?,?,00000000), ref: 013FCEC9
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_free_ex_data.ADB(017287C4,00000000,-00000020), ref: 013FCEF0
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_free.ADB(00000000), ref: 013FCF09
                                                                                                                                • EC_GROUP_cmp.ADB(00000000), ref: 013FD073
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000082,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000DE), ref: 013FD092
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000B7), ref: 013FD0AC
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FD0C5
                                                                                                                                • EC_KEY_set_public_key.ADB(00000000,?), ref: 013FD0D8
                                                                                                                                • EC_KEY_set_private_key.ADB(00000000,?), ref: 013FD0ED
                                                                                                                                • EC_KEY_free.ADB(00000000), ref: 013FD10A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$A_methodE_get_L_freeL_mallocO_free_ex_dataO_new_ex_dataO_refcount_incP_cmpY_freeY_new_methodY_set_private_keyY_set_public_key
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 1185589284-3769350328
                                                                                                                                • Opcode ID: cf9aee4fc735ef5065af9705ca612d8b6e04ff36d6511aa9c55d9250db93095f
                                                                                                                                • Instruction ID: fa3ecfb3c04a5f3e660bf396736444914d644a135540757842101ab716877760
                                                                                                                                • Opcode Fuzzy Hash: cf9aee4fc735ef5065af9705ca612d8b6e04ff36d6511aa9c55d9250db93095f
                                                                                                                                • Instruction Fuzzy Hash: E4218AB574030767FA606EA9AC49F27779C6B20A4CF08003DEF09DB281F661E51586B2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742954,013F7810), ref: 01408813
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000007E,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,00000155), ref: 01408873
                                                                                                                                • EVP_Digest.ADB(?,?,?,00000000,?), ref: 014088AA
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 014088DB
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 0140891B
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 01408947
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DigestL_mallocO_onceR_put_errormemcpymemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/padding.c
                                                                                                                                • API String ID: 1073310367-2078984126
                                                                                                                                • Opcode ID: 7926ec89af3f766fa5aa48d8b5747f72298094faca68f005d61636b25dda3e2a
                                                                                                                                • Instruction ID: d3e8c16a3c1d0347fba7d002f0028efa8b2400dd9c50a70d65233e0600ddf7ab
                                                                                                                                • Opcode Fuzzy Hash: 7926ec89af3f766fa5aa48d8b5747f72298094faca68f005d61636b25dda3e2a
                                                                                                                                • Instruction Fuzzy Hash: 5E91E631E083429BD715CF29D941A6BB7E1BFD4204F048A3DF99997392E730E985CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE96E
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000009C), ref: 013E1638
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE979
                                                                                                                                  • Part of subcall function 013E1610: sk_new_null.ADB ref: 013E164F
                                                                                                                                  • Part of subcall function 013E1610: sk_num.ADB ref: 013E1662
                                                                                                                                  • Part of subcall function 013E1610: OPENSSL_malloc.ADB(00000014), ref: 013E1670
                                                                                                                                  • Part of subcall function 013E1610: sk_push.ADB(?,00000000), ref: 013E16A3
                                                                                                                                  • Part of subcall function 013E1610: sk_value.ADB(?,?), ref: 013E16B4
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,000000AE), ref: 013E1727
                                                                                                                                  • Part of subcall function 013E1610: OPENSSL_free.ADB(00000000), ref: 013E1738
                                                                                                                                  • Part of subcall function 013E1610: OPENSSL_free.ADB(00000000), ref: 013E1750
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE985
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E16DE
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,000000AE), ref: 013E1704
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE991
                                                                                                                                • CRYPTO_once.ADB(017423C0,013E02A0), ref: 013EE9D3
                                                                                                                                  • Part of subcall function 013DFC20: ERR_put_error.ADB(00000003,00000000,00000064,external/boringssl/src/crypto/fipsmodule/bn/add.c,000000FB,?,?,?,?,?,?,?,?), ref: 013DFD53
                                                                                                                                • BN_count_low_zero_bits.ADB ref: 013EE9F9
                                                                                                                                • bn_rshift_secret_shift.ADB(00000000,?,00000000,?), ref: 013EEA0A
                                                                                                                                • BN_num_bits.ADB ref: 013EEA1D
                                                                                                                                • BN_from_montgomery.ADB(00000000,?,?,?), ref: 013EEA44
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$X_get$L_free$L_mallocN_count_low_zero_bitsN_from_montgomeryN_num_bitsO_oncebn_rshift_secret_shiftsk_new_nullsk_numsk_pushsk_value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2418275391-0
                                                                                                                                • Opcode ID: c77c0afc1dea5c82b3898ac75d1e685419dfe314ec022a940d0a80db95b1e1a0
                                                                                                                                • Instruction ID: 7131d268a9f5c2cf1230fdfb6e870a4dcb4a120e00bcc85241e6d30514f819b5
                                                                                                                                • Opcode Fuzzy Hash: c77c0afc1dea5c82b3898ac75d1e685419dfe314ec022a940d0a80db95b1e1a0
                                                                                                                                • Instruction Fuzzy Hash: 284161B55003129FFB14DF19E848A27BBE9FB54208F04443CE95A87391E731E955CB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000024,?,?,013FCE37,00000000), ref: 013FCE44
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ENGINE_get_ECDSA_method.ADB(?,?,?,?,?,?,?,?,00000000), ref: 013FCE9F
                                                                                                                                • CRYPTO_new_ex_data.ADB(-00000020,?,?,?,?,?,?,?,00000000), ref: 013FCEC9
                                                                                                                                • CRYPTO_free_ex_data.ADB(017287C4,00000000,-00000020), ref: 013FCEF0
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FCF09
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000041,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000006F), ref: 013FCF20
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec_key.c, xrefs: 013FCF15
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_methodE_get_L_freeL_mallocO_free_ex_dataO_new_ex_dataR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 4246258935-3769350328
                                                                                                                                • Opcode ID: 321dee4909aa447a8769f7a2322439ebc65c549b1767f11f126413b2e8087514
                                                                                                                                • Instruction ID: 616433e08d4e6e40d13a63575c88ab02ac16a6fc856950fe46d0fffa92d2658e
                                                                                                                                • Opcode Fuzzy Hash: 321dee4909aa447a8769f7a2322439ebc65c549b1767f11f126413b2e8087514
                                                                                                                                • Instruction Fuzzy Hash: B82162F1A407036BF7209F26AC19B57B6E4BF60708F04452CEA0A8B781F7B5E15987D2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(00000000,00000000,?,013FCF59,00000000), ref: 013FCF92
                                                                                                                                • EC_GROUP_free.ADB(?,00000000), ref: 013FCFC0
                                                                                                                                • EC_GROUP_free.ADB(?,?,00000000), ref: 013FCFD1
                                                                                                                                • OPENSSL_free.ADB(?,?,?,00000000), ref: 013FCFDA
                                                                                                                                • OPENSSL_free.ADB(?,?,00000000), ref: 013FCFE5
                                                                                                                                • OPENSSL_free.ADB(00000000,?,?,00000000), ref: 013FCFFD
                                                                                                                                • OPENSSL_free.ADB(00000000,?,?,00000000), ref: 013FD018
                                                                                                                                • CRYPTO_free_ex_data.ADB(017287C4,?,?,?,?,00000000), ref: 013FD02A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$P_free$O_free_ex_dataO_refcount_dec_and_test_zero
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1527703775-0
                                                                                                                                • Opcode ID: 5529e29469eac7af77260edfd9804fec1b7f58f320b4413b42b6b6bf94e715e7
                                                                                                                                • Instruction ID: bb98a73c52d015e6df781202250f16914ff69eea96bed5b1d6b5f97564b9db40
                                                                                                                                • Opcode Fuzzy Hash: 5529e29469eac7af77260edfd9804fec1b7f58f320b4413b42b6b6bf94e715e7
                                                                                                                                • Instruction Fuzzy Hash: 4B110BF6A0071357E621AE69F804EABB7747F6065CB44443DDA0547221F732F417D782
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • sk_new_null.ADB(?,?,?,013D5A05,?,?,?), ref: 0153167D
                                                                                                                                  • Part of subcall function 014244E0: OPENSSL_malloc.ADB(00000014,00000000,015315DF), ref: 014244E3
                                                                                                                                  • Part of subcall function 014244E0: OPENSSL_malloc.ADB(00000010), ref: 01424515
                                                                                                                                • sk_num.ADB(?,?,?,?,013D5A05,?,?,?), ref: 0153168D
                                                                                                                                • sk_push.ADB(00000000,00000000), ref: 015316A3
                                                                                                                                • sk_set.ADB(00000000,?,?), ref: 015316BC
                                                                                                                                • ERR_put_error.ADB(0000000E,00000000,00000041,external/boringssl/src/crypto/ex_data.c,000000B8), ref: 015316E2
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/ex_data.c, xrefs: 015316D7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_malloc$R_put_errorsk_new_nullsk_numsk_pushsk_set
                                                                                                                                • String ID: external/boringssl/src/crypto/ex_data.c
                                                                                                                                • API String ID: 40044487-3791220694
                                                                                                                                • Opcode ID: 3dbbbf595abf099b765d086346941315c0dcc59021b436997efb773aa31dfa49
                                                                                                                                • Instruction ID: 5902aab03e2db5678035a73711b3acdcc1dec285c29b3055eca08caa579a0dfc
                                                                                                                                • Opcode Fuzzy Hash: 3dbbbf595abf099b765d086346941315c0dcc59021b436997efb773aa31dfa49
                                                                                                                                • Instruction Fuzzy Hash: 69012BB174072267E610A5F9ACC1F1677C8EBF4684F0C0439FA41DB580E660D8908766
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000060,?,?,?,014097F7,00000000), ref: 01409805
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • CRYPTO_once.ADB(01742B50,0140DD00), ref: 014098E1
                                                                                                                                • CRYPTO_MUTEX_init.ADB(00000030,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01409910
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000041,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,0000005A), ref: 01409971
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/rsa.c, xrefs: 01409966
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocO_onceR_put_errorX_initmalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 3367932988-3754478375
                                                                                                                                • Opcode ID: e073aaa1041a8813f0e0ca7e47e460d60e65ec28a8f7fc566116306771cc9c1d
                                                                                                                                • Instruction ID: 0b3d822090c6423e51defc6a268fcb3feee32fdc26a4de0f550aaafee76a6dce
                                                                                                                                • Opcode Fuzzy Hash: e073aaa1041a8813f0e0ca7e47e460d60e65ec28a8f7fc566116306771cc9c1d
                                                                                                                                • Instruction Fuzzy Hash: C721C4F0600B12ABE3109F26D9A9743FBE4BB54308F504518E5088BB81E3BAE468CFD5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(000000D0,00000000,?,013FA9F6,?), ref: 013FAB2F
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • CRYPTO_refcount_inc.ADB(?,?), ref: 013FAB4A
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,000000CC,?), ref: 013FAB61
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002A9,00000000,?,013FA9F6,?), ref: 013FAB89
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocO_refcount_incR_put_errormallocmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2566239617-1759677748
                                                                                                                                • Opcode ID: c5144b2bfe6348e09b80179cf259768d1c0a00e93ddf61321a6d6994363a08c5
                                                                                                                                • Instruction ID: 3a0c02312bd3a93518de81a7db33cf9561deff2abf8036b1ab41d6cdb6ff6089
                                                                                                                                • Opcode Fuzzy Hash: c5144b2bfe6348e09b80179cf259768d1c0a00e93ddf61321a6d6994363a08c5
                                                                                                                                • Instruction Fuzzy Hash: 8BF090A6B803167AF9602559AC0BF4272985B60F1CF040A3EF74DBB6C5E5E0D98182D2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(?), ref: 014099BE
                                                                                                                                • CRYPTO_free_ex_data.ADB(017287D0,?,?), ref: 014099EE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_free_ex_dataO_refcount_dec_and_test_zero
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 471459411-0
                                                                                                                                • Opcode ID: d439d04b8b2e32137b4bcc9e66466000e5c90a0d8f4c6ad36071b4e53f329f33
                                                                                                                                • Instruction ID: cea7a6ac73c86f519ea53417ac58baf8389ea1f523be0dfacba447889f06fd2e
                                                                                                                                • Opcode Fuzzy Hash: d439d04b8b2e32137b4bcc9e66466000e5c90a0d8f4c6ad36071b4e53f329f33
                                                                                                                                • Instruction Fuzzy Hash: 9011A576600B008BD6329E6FE400613F7B6BEC0D2835E093E895E27B66E731F4118B81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32 ref: 01361218
                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 01361229
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 01361231
                                                                                                                                • GetTickCount.KERNEL32 ref: 0136123A
                                                                                                                                • QueryPerformanceCounter.KERNEL32 ref: 01361249
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                • Opcode ID: 7cd2bfd97a83a1f29620feb97dd759325ec16aa6573d9caf83a7a6704e8acaf9
                                                                                                                                • Instruction ID: 70d52bc367c5d6029bc68e5e3224100df05b7de2aea8a9da1242bc943f304f4d
                                                                                                                                • Opcode Fuzzy Hash: 7cd2bfd97a83a1f29620feb97dd759325ec16aa6573d9caf83a7a6704e8acaf9
                                                                                                                                • Instruction Fuzzy Hash: CD1119B6D042188BCF209FF8E8485CEFBF4FB48664F459526D915F7204DB3269648BD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(013FA8E5,00000000,013FA7D9,00000000), ref: 013FA818
                                                                                                                                • OPENSSL_free.ADB(689066CE,00000000), ref: 013FA83B
                                                                                                                                • OPENSSL_free.ADB(014007D0,00000000), ref: 013FA84D
                                                                                                                                • OPENSSL_free.ADB(013FA7E1,00000000), ref: 013FA868
                                                                                                                                • BN_MONT_CTX_free.ADB(0000841F,?,00000000), ref: 013FA873
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$O_refcount_dec_and_test_zeroX_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1852816247-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(00000000,?), ref: 013FD95B
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000077,external/boringssl/src/crypto/fipsmodule/ec/oct.c,00000057), ref: 013FD977
                                                                                                                                • BN_num_bits.ADB(-00000024), ref: 013FDA2D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_num_bitsP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/oct.c
                                                                                                                                • API String ID: 1287074226-1227443160
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000069,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000000A5), ref: 013EB983
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013EB9D1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errormemcpy
                                                                                                                                • String ID: @$external/boringssl/src/crypto/fipsmodule/bn/montgomery.c
                                                                                                                                • API String ID: 1385177007-3702601206
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FD135
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000082,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000DE), ref: 013FD154
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FD171
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec_key.c, xrefs: 013FD146
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_incP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 2070707081-3769350328
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DES_encrypt3.ADB(?,?,?,?), ref: 013F6D7E
                                                                                                                                • DES_encrypt3.ADB(?,?,?,00000000), ref: 013F6E6B
                                                                                                                                • DES_decrypt3.ADB(?,?,?,?), ref: 013F6EE8
                                                                                                                                • DES_decrypt3.ADB(00000000,?,?,?), ref: 013F6F95
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: S_decrypt3S_encrypt3
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3533206369-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_mod_pow2.ADB(?,?,?), ref: 013E4543
                                                                                                                                  • Part of subcall function 013E4420: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 013E4472
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013E461A
                                                                                                                                • CRYPTO_once.ADB(017423C0,013E02A0), ref: 013E4698
                                                                                                                                • BN_add.ADB(?,?,017423C4), ref: 013E46A7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_addN_mod_pow2O_oncememcpymemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1832626755-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E70987FB3(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                				intOrPtr _v0;
                                                                                                                                				void* _v804;
                                                                                                                                				intOrPtr _v808;
                                                                                                                                				intOrPtr _v812;
                                                                                                                                				intOrPtr _t11;
                                                                                                                                				intOrPtr _t12;
                                                                                                                                				intOrPtr _t13;
                                                                                                                                				intOrPtr* _t26;
                                                                                                                                				void* _t29;
                                                                                                                                
                                                                                                                                				_t29 = __ecx -  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				if(_t29 != 0) {
                                                                                                                                					 *0x709974d0 = __eax;
                                                                                                                                					 *0x709974cc = __ecx;
                                                                                                                                					 *0x709974c8 = __edx;
                                                                                                                                					 *0x709974c4 = __ebx;
                                                                                                                                					 *0x709974c0 = __esi;
                                                                                                                                					 *0x709974bc = __edi;
                                                                                                                                					 *0x709974e8 = ss;
                                                                                                                                					 *0x709974dc = cs;
                                                                                                                                					 *0x709974b8 = ds;
                                                                                                                                					 *0x709974b4 = es;
                                                                                                                                					 *0x709974b0 = fs;
                                                                                                                                					 *0x709974ac = gs;
                                                                                                                                					asm("pushfd");
                                                                                                                                					_pop( *0x709974e0);
                                                                                                                                					 *0x709974d4 =  *_t26;
                                                                                                                                					 *0x709974d8 = _v0;
                                                                                                                                					 *0x709974e4 =  &_a4;
                                                                                                                                					 *0x70997420 = 0x10001;
                                                                                                                                					_t11 =  *0x709974d8; // 0x0
                                                                                                                                					 *0x709973dc = _t11;
                                                                                                                                					 *0x709973d0 = 0xc0000409;
                                                                                                                                					 *0x709973d4 = 1;
                                                                                                                                					_t12 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                					_v812 = _t12;
                                                                                                                                					_t13 =  *0x709960d4; // 0x911f2091
                                                                                                                                					_v808 = _t13;
                                                                                                                                					SetUnhandledExceptionFilter(0);
                                                                                                                                					UnhandledExceptionFilter(0x70981744);
                                                                                                                                					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                				} else {
                                                                                                                                					return __eax;
                                                                                                                                				}
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7098BBFE
                                                                                                                                • UnhandledExceptionFilter.KERNEL32(70981744), ref: 7098BC09
                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 7098BC14
                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 7098BC1B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3231755760-0
                                                                                                                                • Opcode ID: 5a55471cd31fa04d37bc45016f46dfaef13b8a252cb39fed88d7949240356263
                                                                                                                                • Instruction ID: 7c67dd9e7c8db562d672f81b2ca12323f58597daee27033a5d7353e8f7ab68ef
                                                                                                                                • Opcode Fuzzy Hash: 5a55471cd31fa04d37bc45016f46dfaef13b8a252cb39fed88d7949240356263
                                                                                                                                • Instruction Fuzzy Hash: D221A376938200DFC341DF1BDD45744BFAABB88344B24406BE909A7372EB74D984AF56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E704347BF(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                				intOrPtr _v0;
                                                                                                                                				void* _v804;
                                                                                                                                				intOrPtr _v808;
                                                                                                                                				intOrPtr _v812;
                                                                                                                                				intOrPtr _t11;
                                                                                                                                				intOrPtr _t12;
                                                                                                                                				intOrPtr _t13;
                                                                                                                                				intOrPtr* _t26;
                                                                                                                                				void* _t29;
                                                                                                                                
                                                                                                                                				_t29 = __ecx -  *0x7043e060; // 0x4d88bf16
                                                                                                                                				if(_t29 != 0) {
                                                                                                                                					 *0x7043f138 = __eax;
                                                                                                                                					 *0x7043f134 = __ecx;
                                                                                                                                					 *0x7043f130 = __edx;
                                                                                                                                					 *0x7043f12c = __ebx;
                                                                                                                                					 *0x7043f128 = __esi;
                                                                                                                                					 *0x7043f124 = __edi;
                                                                                                                                					 *0x7043f150 = ss;
                                                                                                                                					 *0x7043f144 = cs;
                                                                                                                                					 *0x7043f120 = ds;
                                                                                                                                					 *0x7043f11c = es;
                                                                                                                                					 *0x7043f118 = fs;
                                                                                                                                					 *0x7043f114 = gs;
                                                                                                                                					asm("pushfd");
                                                                                                                                					_pop( *0x7043f148);
                                                                                                                                					 *0x7043f13c =  *_t26;
                                                                                                                                					 *0x7043f140 = _v0;
                                                                                                                                					 *0x7043f14c =  &_a4;
                                                                                                                                					 *0x7043f088 = 0x10001;
                                                                                                                                					_t11 =  *0x7043f140; // 0x0
                                                                                                                                					 *0x7043f044 = _t11;
                                                                                                                                					 *0x7043f038 = 0xc0000409;
                                                                                                                                					 *0x7043f03c = 1;
                                                                                                                                					_t12 =  *0x7043e060; // 0x4d88bf16
                                                                                                                                					_v812 = _t12;
                                                                                                                                					_t13 =  *0x7043e064; // 0xb27740e9
                                                                                                                                					_v808 = _t13;
                                                                                                                                					SetUnhandledExceptionFilter(0);
                                                                                                                                					UnhandledExceptionFilter(0x70431528);
                                                                                                                                					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                				} else {
                                                                                                                                					return __eax;
                                                                                                                                				}
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 70437D8E
                                                                                                                                • UnhandledExceptionFilter.KERNEL32(70431528), ref: 70437D99
                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 70437DA4
                                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 70437DAB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3231755760-0
                                                                                                                                • Opcode ID: b5eb52eb94ea210187668c18d06449f5e9107efd1de2618972fc61cd43328562
                                                                                                                                • Instruction ID: 3b2f04e56bd2e7ffe056e0f2a414d4a621f9f1374978d3b293c2da5c1f2af7be
                                                                                                                                • Opcode Fuzzy Hash: b5eb52eb94ea210187668c18d06449f5e9107efd1de2618972fc61cd43328562
                                                                                                                                • Instruction Fuzzy Hash: 14218EB6501204DBCF15CF9BEA84B48BBF4BB49314B70602AE949A3371D3B459818F55
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_thread_local.ADB(00000000,00000000,?,0140CF7B), ref: 014205A4
                                                                                                                                • OPENSSL_malloc.ADB(0000010C,0140CF7B), ref: 014205D4
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,0000010C,?,0140CF7B), ref: 014205EC
                                                                                                                                • CRYPTO_set_thread_local.ADB(00000000,00000000,014217D0,?,?,?,?,0140CF7B), ref: 014205FC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocO_get_thread_localO_set_thread_localmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2237182344-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140A8B6
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000045,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000156), ref: 0140A91D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/rsa.c, xrefs: 0140A912
                                                                                                                                Similarity
                                                                                                                                • API ID: N_num_bitsR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 3648322789-3754478375
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140A646
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000045,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,0000013E), ref: 0140A6AD
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/rsa.c, xrefs: 0140A6A2
                                                                                                                                Similarity
                                                                                                                                • API ID: N_num_bitsR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 3648322789-3754478375
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?), ref: 013F33AC
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/cipher.c, xrefs: 013F33D4
                                                                                                                                Similarity
                                                                                                                                • API ID: memset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/cipher.c
                                                                                                                                • API String ID: 2221118986-705831790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?), ref: 013F343F
                                                                                                                                • EVP_EncryptUpdate.ADB(?,?,?,?,?), ref: 013F34A8
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?), ref: 013F34DD
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$EncryptUpdate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 275661162-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013F3251
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013F32B9
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013F331E
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3510742995-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/cipher/cipher.c,000001AD), ref: 013F3573
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/cipher.c
                                                                                                                                • API String ID: 1767461275-705831790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013DD6F6
                                                                                                                                • CRYPTO_memcmp.ADB(?,01662368,00000004), ref: 013DD7CD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_memcmpmemmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2088574511-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013DD437
                                                                                                                                • CRYPTO_memcmp.ADB(?,01662360,00000008), ref: 013DD50C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_memcmpmemmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2088574511-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DES_encrypt3.ADB(?,?,?,?), ref: 013F6CB2
                                                                                                                                • DES_decrypt3.ADB(?,?,?,?), ref: 013F6CBD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: S_decrypt3S_encrypt3
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3533206369-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 013FCDC8
                                                                                                                                • CRYPTO_once.ADB(01742A2C,013FA4A0), ref: 013FCDE0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_onceabort
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4267963988-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140A978
                                                                                                                                • RSA_verify_raw.ADB(?,?,?,-00000007,?,?,?), ref: 0140A997
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_verify_rawN_num_bits
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2676408520-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140A0F8
                                                                                                                                • RSA_encrypt.ADB(?,?,?,-00000007,?,?,?), ref: 0140A117
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_encryptN_num_bits
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3210707014-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000088), ref: 013F3930
                                                                                                                                • EVP_CipherInit_ex.ADB ref: 013F3952
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CipherInit_exmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2403730431-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000088), ref: 013F38E0
                                                                                                                                • EVP_CipherInit_ex.ADB ref: 013F3902
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CipherInit_exmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2403730431-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(017289E8,013F0C3F), ref: 01532861
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abort
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4206212132-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_gcm128_finish.ADB(?,00000000,00000000), ref: 01406E7F
                                                                                                                                  • Part of subcall function 01406CE0: CRYPTO_memcmp.ADB(?,?,?), ref: 01406E4A
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000010), ref: 01406E9F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_gcm128_finishO_memcmpmemcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1990031102-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sk_numsk_value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3530375599-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_read.ADB(017289E8,013F0C3F), ref: 01535C75
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(017289E8,013F0C3F), ref: 01535C82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_lock_readX_unlock_read
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1509110814-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_memcmp
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2788248766-0
                                                                                                                                • Opcode ID: 2625b4eaab0164aa378c838e19368af7787f4d5a7a591bcee0e18d1e80b23863
                                                                                                                                • Instruction ID: 76c7434d60bc00eb428cd54e2908a679629d070cd22d03a9b972cdaa9beb07d0
                                                                                                                                • Opcode Fuzzy Hash: 2625b4eaab0164aa378c838e19368af7787f4d5a7a591bcee0e18d1e80b23863
                                                                                                                                • Instruction Fuzzy Hash: FF41B475C3BB4287EB07963EC006152E6A46FA76D1B50CB1EF9C9B29A3F731E5904A40
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742A2C,013FA4A0), ref: 013FCDE0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: 150031a2f70edb63ad74b8f606505a142936cfa56ecfeaa6497dc016a25074c0
                                                                                                                                • Instruction ID: ddcb6cc9ddb127c13b61f250ba955884ce467fe30d7c5d32b55e1b27b2a3a12b
                                                                                                                                • Opcode Fuzzy Hash: 150031a2f70edb63ad74b8f606505a142936cfa56ecfeaa6497dc016a25074c0
                                                                                                                                • Instruction Fuzzy Hash: D2F03776A592114BC2218F099400A59F393EFD4725F5E845DEA046F316D771A51186D0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_ex_new_index.ADB(017287D0,?,?,?,?), ref: 0140AD50
                                                                                                                                  • Part of subcall function 015315A0: OPENSSL_malloc.ADB(0000000C,?,?,013D59D5,017287B4,?,?,?,?), ref: 015315A4
                                                                                                                                  • Part of subcall function 015315A0: CRYPTO_STATIC_MUTEX_lock_write.ADB(?), ref: 015315CB
                                                                                                                                  • Part of subcall function 015315A0: sk_new_null.ADB ref: 015315DA
                                                                                                                                  • Part of subcall function 015315A0: sk_push.ADB(?,00000000), ref: 015315E8
                                                                                                                                  • Part of subcall function 015315A0: sk_num.ADB(?), ref: 015315FB
                                                                                                                                  • Part of subcall function 015315A0: CRYPTO_STATIC_MUTEX_unlock_write.ADB(?), ref: 01531654
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocO_get_ex_new_indexX_lock_writeX_unlock_writesk_new_nullsk_numsk_push
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3959599009-0
                                                                                                                                • Opcode ID: 9f767dc4cbe8c4e7f77cafb43ce563203a5cc8219841405f211da7733be57f68
                                                                                                                                • Instruction ID: aea8da680925d39d855a9090dd98a32d01eca858ccac4ef25148a7b1dc0f0a1e
                                                                                                                                • Opcode Fuzzy Hash: 9f767dc4cbe8c4e7f77cafb43ce563203a5cc8219841405f211da7733be57f68
                                                                                                                                • Instruction Fuzzy Hash: 01E08CF56042106FE208EA18D852E6BBB98EB84220F05491DF88683340D6329801C6A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_ex_new_index.ADB(017287B4,?,?,?,?), ref: 013D59D0
                                                                                                                                  • Part of subcall function 015315A0: OPENSSL_malloc.ADB(0000000C,?,?,013D59D5,017287B4,?,?,?,?), ref: 015315A4
                                                                                                                                  • Part of subcall function 015315A0: CRYPTO_STATIC_MUTEX_lock_write.ADB(?), ref: 015315CB
                                                                                                                                  • Part of subcall function 015315A0: sk_new_null.ADB ref: 015315DA
                                                                                                                                  • Part of subcall function 015315A0: sk_push.ADB(?,00000000), ref: 015315E8
                                                                                                                                  • Part of subcall function 015315A0: sk_num.ADB(?), ref: 015315FB
                                                                                                                                  • Part of subcall function 015315A0: CRYPTO_STATIC_MUTEX_unlock_write.ADB(?), ref: 01531654
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocO_get_ex_new_indexX_lock_writeX_unlock_writesk_new_nullsk_numsk_push
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3959599009-0
                                                                                                                                • Opcode ID: ed9fe84677e21cd4452b1b1e4e3d391734117d077252a8ce4e41ebcebbe93a21
                                                                                                                                • Instruction ID: a56e9bd24a27f87f35d97a841f91c878fa5988041e3c4f4a4ca1b1f53be0b031
                                                                                                                                • Opcode Fuzzy Hash: ed9fe84677e21cd4452b1b1e4e3d391734117d077252a8ce4e41ebcebbe93a21
                                                                                                                                • Instruction Fuzzy Hash: B0E08CF56042216FE248EA18D852D6BBB98EB94220F05492DF88683340D6329801C6A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_ex_new_index.ADB(017287C4,?,?,?,?), ref: 013FDFA0
                                                                                                                                  • Part of subcall function 015315A0: OPENSSL_malloc.ADB(0000000C,?,?,013D59D5,017287B4,?,?,?,?), ref: 015315A4
                                                                                                                                  • Part of subcall function 015315A0: CRYPTO_STATIC_MUTEX_lock_write.ADB(?), ref: 015315CB
                                                                                                                                  • Part of subcall function 015315A0: sk_new_null.ADB ref: 015315DA
                                                                                                                                  • Part of subcall function 015315A0: sk_push.ADB(?,00000000), ref: 015315E8
                                                                                                                                  • Part of subcall function 015315A0: sk_num.ADB(?), ref: 015315FB
                                                                                                                                  • Part of subcall function 015315A0: CRYPTO_STATIC_MUTEX_unlock_write.ADB(?), ref: 01531654
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocO_get_ex_new_indexX_lock_writeX_unlock_writesk_new_nullsk_numsk_push
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3959599009-0
                                                                                                                                • Opcode ID: 35376ce628db44d88fcef7c0f9207e28b3894116c294915a45e4792baf007986
                                                                                                                                • Instruction ID: d562dd7283b8256144db5f4c149e87c53314c1972d11bbaf0a94b032c622c098
                                                                                                                                • Opcode Fuzzy Hash: 35376ce628db44d88fcef7c0f9207e28b3894116c294915a45e4792baf007986
                                                                                                                                • Instruction Fuzzy Hash: AAE0ECF5A052116FE248EA19D852D6BBB98EB84660F05492DF88683340D6369855C6A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 58%
                                                                                                                                			E70985492(void* __ecx, void* _a4) {
                                                                                                                                				long _v8;
                                                                                                                                
                                                                                                                                				_push(__ecx);
                                                                                                                                				_v8 = 0;
                                                                                                                                				return DeviceIoControl(_a4, 0x22402c, 0, 0, __ecx + 0x22, 9,  &_v8, 0) & 0xffffff00 | _t7 != 0x00000000;
                                                                                                                                			}




                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ControlDevice
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2352790924-0
                                                                                                                                • Opcode ID: f7c4cbb81836d03c44c2a9d22b5c219ad2bd1cf8540e445221e66c773d4aae14
                                                                                                                                • Instruction ID: 51420b854b23953dea11592d9a96a2bfee99712145f2f7752f22b271799719ec
                                                                                                                                • Opcode Fuzzy Hash: f7c4cbb81836d03c44c2a9d22b5c219ad2bd1cf8540e445221e66c773d4aae14
                                                                                                                                • Instruction Fuzzy Hash: CAD05EF2614304FFEB18DFB1CC06F7B7A6EE785B50B11C528B901D6280E5B4DE50A560
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EVP_CipherInit_ex.ADB ref: 013F31BB
                                                                                                                                  • Part of subcall function 013F2EF0: OPENSSL_free.ADB(?), ref: 013F2F30
                                                                                                                                  • Part of subcall function 013F2EF0: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000088), ref: 013F2F40
                                                                                                                                  • Part of subcall function 013F2EF0: OPENSSL_malloc.ADB(?), ref: 013F2F55
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CipherInit_exL_freeL_mallocmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1303841458-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EVP_CipherInit_ex.ADB ref: 013F31FB
                                                                                                                                  • Part of subcall function 013F2EF0: OPENSSL_free.ADB(?), ref: 013F2F30
                                                                                                                                  • Part of subcall function 013F2EF0: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000088), ref: 013F2F40
                                                                                                                                  • Part of subcall function 013F2EF0: OPENSSL_malloc.ADB(?), ref: 013F2F55
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CipherInit_exL_freeL_mallocmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1303841458-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FB286
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_inc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3390294253-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DES_ede3_cbc_encrypt.ADB(?,?,?,?,?,?,?,?), ref: 013F708E
                                                                                                                                  • Part of subcall function 013F6D00: DES_encrypt3.ADB(?,?,?,?), ref: 013F6D7E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: S_ede3_cbc_encryptS_encrypt3
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1432304406-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EVP_DecryptUpdate.ADB(?,?,?,?,?), ref: 013F3660
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DecryptUpdate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1057456880-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_set_ex_data.ADB(?,?,?), ref: 0140AD80
                                                                                                                                  • Part of subcall function 01531670: sk_new_null.ADB(?,?,?,013D5A05,?,?,?), ref: 0153167D
                                                                                                                                  • Part of subcall function 01531670: sk_num.ADB(?,?,?,?,013D5A05,?,?,?), ref: 0153168D
                                                                                                                                  • Part of subcall function 01531670: sk_push.ADB(00000000,00000000), ref: 015316A3
                                                                                                                                  • Part of subcall function 01531670: sk_set.ADB(00000000,?,?), ref: 015316BC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_set_ex_datask_new_nullsk_numsk_pushsk_set
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 247011322-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(?), ref: 013D296A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_dec_and_test_zero
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3721132539-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_set_ex_data.ADB(?,?,?), ref: 013D5A00
                                                                                                                                  • Part of subcall function 01531670: sk_new_null.ADB(?,?,?,013D5A05,?,?,?), ref: 0153167D
                                                                                                                                  • Part of subcall function 01531670: sk_num.ADB(?,?,?,?,013D5A05,?,?,?), ref: 0153168D
                                                                                                                                  • Part of subcall function 01531670: sk_push.ADB(00000000,00000000), ref: 015316A3
                                                                                                                                  • Part of subcall function 01531670: sk_set.ADB(00000000,?,?), ref: 015316BC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: O_set_ex_datask_new_nullsk_numsk_pushsk_set
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 247011322-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_set_ex_data.ADB(?,?,?), ref: 013FDFD0
                                                                                                                                  • Part of subcall function 01531670: sk_new_null.ADB(?,?,?,013D5A05,?,?,?), ref: 0153167D
                                                                                                                                  • Part of subcall function 01531670: sk_num.ADB(?,?,?,?,013D5A05,?,?,?), ref: 0153168D
                                                                                                                                  • Part of subcall function 01531670: sk_push.ADB(00000000,00000000), ref: 015316A3
                                                                                                                                  • Part of subcall function 01531670: sk_set.ADB(00000000,?,?), ref: 015316BC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: O_set_ex_datask_new_nullsk_numsk_pushsk_set
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 247011322-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013D5998
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_inc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3390294253-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_ex_data.ADB(?,?), ref: 0140AD9C
                                                                                                                                  • Part of subcall function 015316F0: sk_num.ADB(?,?,?,013D5A21,?,?), ref: 01531705
                                                                                                                                  • Part of subcall function 015316F0: sk_value.ADB(?,?), ref: 01531714
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: O_get_ex_datask_numsk_value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1293315948-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_inc.ADB(?,013D2DB0,?), ref: 01514858
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_inc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3390294253-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_inc.ADB(?,013D2BC0,?), ref: 01409CB8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_inc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3390294253-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_inc.ADB(?,013D594B,?), ref: 01521F38
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_inc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3390294253-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_inc.ADB(?,013D2ED0,?), ref: 013FD388
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_inc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3390294253-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_ex_data.ADB(?,?), ref: 013FDFEC
                                                                                                                                  • Part of subcall function 015316F0: sk_num.ADB(?,?,?,013D5A21,?,?), ref: 01531705
                                                                                                                                  • Part of subcall function 015316F0: sk_value.ADB(?,?), ref: 01531714
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_get_ex_datask_numsk_value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1293315948-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_ex_data.ADB(?,?), ref: 013D5A1C
                                                                                                                                  • Part of subcall function 015316F0: sk_num.ADB(?,?,?,013D5A21,?,?), ref: 01531705
                                                                                                                                  • Part of subcall function 015316F0: sk_value.ADB(?,?), ref: 01531714
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_get_ex_datask_numsk_value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1293315948-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017427E0,013F4120), ref: 013F410A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174281C,013F4190), ref: 013F417A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017429C0,013F7990), ref: 013F797A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017426D8,013F3DA0), ref: 013F3D8A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017429E4,013F7A10), ref: 013F79FA
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174284C,013F4200), ref: 013F41EA
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174258C,01414F20), ref: 013F3C3A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174255C,01414ED0), ref: 013F3C1A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017425EC,01414FC0), ref: 013F3C7A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742978,013F7890), ref: 013F787A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017427B4,013F4070), ref: 013F405A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017425BC,01414F70), ref: 013F3C5A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174264C,014150E0), ref: 013F3CBA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174261C,01415020), ref: 013F3C9A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017426AC,013F3D10), ref: 013F3CFA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174299C,013F7910), ref: 013F78FA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174267C,01415150), ref: 013F3CDA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174240C,01414380), ref: 013F3B3A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174275C,013F3F50), ref: 013F3F3A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017428DC,013F4350), ref: 013F433A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017423D8,01414010), ref: 013F3B1A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742930,013F7790), ref: 013F777A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174246C,01414670), ref: 013F3B7A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174243C,01414430), ref: 013F3B5A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017424CC,01414DD0), ref: 013F3BBA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017428DC,013F4350), ref: 013F43AA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174249C,01414D80), ref: 013F3B9A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174252C,01414E70), ref: 013F3BFA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742954,013F7810), ref: 013F77FA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017424FC,01414E20), ref: 013F3BDA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742788,013F3FE0), ref: 013F3FCA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742704,013F3E30), ref: 013F3E1A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: 5f67fb9e359e42ac1fdba992702126d0bbc3dedd1c4cd15beb5acdc82ca3d388
                                                                                                                                • Instruction ID: e83d124f5d7fd35a5bc0d018a32088add36b54fe267c819f27ca38af9d459fa4
                                                                                                                                • Opcode Fuzzy Hash: 5f67fb9e359e42ac1fdba992702126d0bbc3dedd1c4cd15beb5acdc82ca3d388
                                                                                                                                • Instruction Fuzzy Hash: 7FA0029ABE4753978806B5E63C23949E95179F1C09BC4207CF709EE303F799593C8267
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742A08,013F7A90), ref: 013F7A7A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: d8f1718a238fce2dd60b925b71c51dda9cc79db7ed6cab7e9654da3b64376894
                                                                                                                                • Instruction ID: e431fc9739c96082a2b081717fa28daa541287c278216eb47acd86a0dc2c34de
                                                                                                                                • Opcode Fuzzy Hash: d8f1718a238fce2dd60b925b71c51dda9cc79db7ed6cab7e9654da3b64376894
                                                                                                                                • Instruction Fuzzy Hash: 92A00299F957839B9820E9BA3C13A19F62179E1C49BC5006CFD09EE303F695D738436B
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174287C,013F4270), ref: 013F425A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: 06c82ee83dd68996e53b65d8e9b5ea283e9f1f323edeefd0557b8de6ab466ab7
                                                                                                                                • Instruction ID: 6caa6d897c5e4437bf5feb2b1220bec73a8fff756ddf9b30bb23dea7dffdd0a0
                                                                                                                                • Opcode Fuzzy Hash: 06c82ee83dd68996e53b65d8e9b5ea283e9f1f323edeefd0557b8de6ab466ab7
                                                                                                                                • Instruction Fuzzy Hash: 59A0029DBD470323A90433663D1394DD5287AF9A89BC4007CF584EF303FB9595B80276
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742730,013F3EC0), ref: 013F3EAA
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: 8d8c7865a62001b2c38b054ea7b5ae76a36d355087d1309e09eec689a49277af
                                                                                                                                • Instruction ID: dc3bf9c1573da0fc1260877005262f6109e6dbcdfb025e4e7f9d0d6cfd83958f
                                                                                                                                • Opcode Fuzzy Hash: 8d8c7865a62001b2c38b054ea7b5ae76a36d355087d1309e09eec689a49277af
                                                                                                                                • Instruction Fuzzy Hash: FBA0019AAA964213840AA5963C2290A95117AA1849BC40468F648AA202E7A59924C26A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(0174290C,013F7710), ref: 013F76FA
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: 16ecd63caf228d12343c13a6d556d2f1e2a47e283281da9b12cb6f0582ed513e
                                                                                                                                • Instruction ID: d1fe2b5dc06d43954317a6fa57850e400638fadb088856b0fc815c62abfdaec8
                                                                                                                                • Opcode Fuzzy Hash: 16ecd63caf228d12343c13a6d556d2f1e2a47e283281da9b12cb6f0582ed513e
                                                                                                                                • Instruction Fuzzy Hash: 02A0029DFA5B1A67D54022573C53A28E7107BE1889BC40C6CF904FE313F6E766384366
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017428AC,013F42E0), ref: 013F42CA
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: 68b9b5ef118da1fd2913eb484cf02025205e464da9f9fb6eecb2b378d6b59f3d
                                                                                                                                • Instruction ID: 57f15481fbdd49c372bd95fff7c196d6c3a0b4bd6496b495af1160900b344583
                                                                                                                                • Opcode Fuzzy Hash: 68b9b5ef118da1fd2913eb484cf02025205e464da9f9fb6eecb2b378d6b59f3d
                                                                                                                                • Instruction Fuzzy Hash: E6A0029DBD471663B44063963C1391DD91879F5A49BD4007CF544EE303FA995535026A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(017423C0,013E02A0), ref: 013E028A
                                                                                                                                Similarity
                                                                                                                                • API ID: O_once
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2810965452-0
                                                                                                                                • Opcode ID: 4cf8dc6b9208a4ac2d7eff45c86ea58d4bdd3aa03cbd40d2ae80fc734adee3aa
                                                                                                                                • Instruction ID: 1bccf0bb9cfd1e6ca75c9f23d2d5e4878c6a56f45ee769e8d74279f526a3b000
                                                                                                                                • Opcode Fuzzy Hash: 4cf8dc6b9208a4ac2d7eff45c86ea58d4bdd3aa03cbd40d2ae80fc734adee3aa
                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013D29A4
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_inc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3390294253-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000120), ref: 013F3A7D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2221118986-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
• Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
• Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
• Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
• Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
• Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
• Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
• Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
• Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0c6b276366ac97874d5fffebd46005bffab62bef1c342d8af737b9906ac293da
                                                                                                                                • Instruction ID: 36390b0c76e2f9aeb8bc36f5ec53aad96649263434aee1dbd93e4912fcee0836
                                                                                                                                • Opcode Fuzzy Hash: 0c6b276366ac97874d5fffebd46005bffab62bef1c342d8af737b9906ac293da
                                                                                                                                • Instruction Fuzzy Hash: CB71C4719153018BDB1ACF3DC085566BBA1EF9A290F54CB6EED88AB397F730D4808B41
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f48c9728877ea58c791cd8df40beb76e480841ea9409c636306ed3d9c99718c7
                                                                                                                                • Instruction ID: 6f136f8930217494b0869d968313b232e8b561c581968a16a7d098b35587398b
                                                                                                                                • Opcode Fuzzy Hash: f48c9728877ea58c791cd8df40beb76e480841ea9409c636306ed3d9c99718c7
                                                                                                                                • Instruction Fuzzy Hash: A451C3369097419BC715CF28D48046ABBF1BFD9218F99CA2DFCA95B312E730E940CB42
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c37e7db4f3dd09da8a01fa1debc7e32b57dc0bf73793b1a2c417ae09585c8ada
                                                                                                                                • Instruction ID: 66dba181ae64bf31e7e341944e7fd5b4c07544be0d95d666dbfb4f3c3c91dd4d
                                                                                                                                • Opcode Fuzzy Hash: c37e7db4f3dd09da8a01fa1debc7e32b57dc0bf73793b1a2c417ae09585c8ada
                                                                                                                                • Instruction Fuzzy Hash: DB21B2737246110BF38CDD7A8C8662762C3DBC8265B0CC53DDA96C7385DC74E816C291
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 53ab2e371c354b7afad2ed5607ac001f18216b6211b7e4d6f33e1385390e9f36
                                                                                                                                • Instruction ID: 148692cfb0e739f6195c910d81924b2ce12195366949340a9230edf2ce78ff34
                                                                                                                                • Opcode Fuzzy Hash: 53ab2e371c354b7afad2ed5607ac001f18216b6211b7e4d6f33e1385390e9f36
                                                                                                                                • Instruction Fuzzy Hash: A721B2737246110BF38CDD7A8C8662762C3DBC8265B0CC53DDA96C7386DCB4E816C291
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6c7544907f1d96153e2ef04f363e4c4ca3fb1375aca3b5e15bfbcc51a9ee000a
                                                                                                                                • Instruction ID: fce7565251fcdec23daf4294c2f1f3d9164646bead50a002ce8a2c965d79b108
                                                                                                                                • Opcode Fuzzy Hash: 6c7544907f1d96153e2ef04f363e4c4ca3fb1375aca3b5e15bfbcc51a9ee000a
                                                                                                                                • Instruction Fuzzy Hash: 7E113132D25B254ED3228639C892B33F798AFD7188B96C36BF45077963E33090C16250
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 800824215fdb19466dfcc3e3a57c5f74ab976cebf6ba963c160ea101fbf0984f
                                                                                                                                • Instruction ID: e29d493e4f7bf18330f7413662e1dbd6ba172652d0a4c026a97c1cfc87f27e95
                                                                                                                                • Opcode Fuzzy Hash: 800824215fdb19466dfcc3e3a57c5f74ab976cebf6ba963c160ea101fbf0984f
                                                                                                                                • Instruction Fuzzy Hash: 05F01CB9A04204ABCB00DF19D94188ABBF4EF89624F10852DED9997340D731FD10CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4f3c0c2c491b4337df13f774afb5b7233a9331d39962c18b176d1eee59c232fe
                                                                                                                                • Instruction ID: 629bbeaeeb5cd271ded3fec003fca8f9dce543599243a8d82ab6d8d89e044728
                                                                                                                                • Opcode Fuzzy Hash: 4f3c0c2c491b4337df13f774afb5b7233a9331d39962c18b176d1eee59c232fe
                                                                                                                                • Instruction Fuzzy Hash: BDC04C746053019FDA09DF5AC454D2A77B5AFD8641B10885DE587476A0C731DC12EA01
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 47947dbcec51d83d8de29823e6319b36fa0b5a7e6e5c9588cb7a0c8bbcd7e54d
                                                                                                                                • Instruction ID: 5925d1099e5cff3c24de46109b152dcf4033936c1fdacc1070ca16e0dd08034b
                                                                                                                                • Opcode Fuzzy Hash: 47947dbcec51d83d8de29823e6319b36fa0b5a7e6e5c9588cb7a0c8bbcd7e54d
                                                                                                                                • Instruction Fuzzy Hash: D7C04C122041044AFB35C51CE49476A2560A78026CFA46F57E551D1CE2C619C4808342
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 47947dbcec51d83d8de29823e6319b36fa0b5a7e6e5c9588cb7a0c8bbcd7e54d
                                                                                                                                • Instruction ID: fa6102f57e3efff0f4da21118a05d4a7ca0f0554c75a094f7e195ad9e04f60eb
                                                                                                                                • Opcode Fuzzy Hash: 47947dbcec51d83d8de29823e6319b36fa0b5a7e6e5c9588cb7a0c8bbcd7e54d
                                                                                                                                • Instruction Fuzzy Hash: 94C04C1660410586FB25451CE4967693580A78026CFE46F59E991D14E0CA18C58082C2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d08f3c405c302abcb958b33d21bbbfe812606e1c1ecf656f3e939966732e7075
                                                                                                                                • Instruction ID: 9b2c44a88c963bb26ab6f4f722b8046176d857ce3a86a0a901f8cca2be3fe3ea
                                                                                                                                • Opcode Fuzzy Hash: d08f3c405c302abcb958b33d21bbbfe812606e1c1ecf656f3e939966732e7075
                                                                                                                                • Instruction Fuzzy Hash: F8C0027A808201BECE125A54BD0141ABBA5BB9462CF808958F5A800025D77281289A42
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 87d4f2656635323db5cf57101e284b44610db3940abc83a32353c5cafd943088
                                                                                                                                • Instruction ID: 1cd3b864581cb4594e541b112e3ae62682a5bf47d214ed571b14a3bdd61c0000
                                                                                                                                • Opcode Fuzzy Hash: 87d4f2656635323db5cf57101e284b44610db3940abc83a32353c5cafd943088
                                                                                                                                • Instruction Fuzzy Hash: 3DA002747041009F8F00CB09C388C05B7E0AB84700B05C484B44C87211C270EC00DA01
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e4efa4b0ad3d25f32a9fea0bbd39e42e0dd334bcbf4472a2ef145429ee59f8f2
                                                                                                                                • Instruction ID: 2cbafd2018ecf030a0ae945de7934da5203be964b0b1579e54f6686ba81735af
                                                                                                                                • Opcode Fuzzy Hash: e4efa4b0ad3d25f32a9fea0bbd39e42e0dd334bcbf4472a2ef145429ee59f8f2
                                                                                                                                • Instruction Fuzzy Hash: 79A002346041009F8E00CB08C288D05B3E0AB84700B058484B448C7221C230EC40DA01
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cfdfab9daa818ad6120176a579ec111e0189a74a3f6c366311bc7197d2ef7fea
                                                                                                                                • Instruction ID: 3a053d72d7117606bce25011065ddb797af2fb18699cdc10b5f6b5bc716218a7
                                                                                                                                • Opcode Fuzzy Hash: cfdfab9daa818ad6120176a579ec111e0189a74a3f6c366311bc7197d2ef7fea
                                                                                                                                • Instruction Fuzzy Hash: 12A002781042009FD7018F04C94074577E0BB85B00FC14484A44447250C3789C00DA11
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9555198531a335f6312ac6972ac363e2d10b360ab5f32bd1ecf003ba193e1f8c
                                                                                                                                • Instruction ID: 0d4d2b3d3ae27ae904c44d01fb4a758d629308af1e264dc01759f5370e899d61
                                                                                                                                • Opcode Fuzzy Hash: 9555198531a335f6312ac6972ac363e2d10b360ab5f32bd1ecf003ba193e1f8c
                                                                                                                                • Instruction Fuzzy Hash: A9A002346042009F8E04CE08C280C05B3E0BB84700B1148C4B45487211C230EC00DA01
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • Opcode ID: 58defc66ac83c283022b7e173e8cf2b0f3eeb76ed192817aa6bd5f6cdfb1ce5b
                                                                                                                                • Instruction ID: 79ecb41f6451a2adb0706010fd1a3efba30605b055edbb5455ea39dab8077a26
                                                                                                                                • Opcode Fuzzy Hash: 58defc66ac83c283022b7e173e8cf2b0f3eeb76ed192817aa6bd5f6cdfb1ce5b
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Similarity
                                                                                                                                • Opcode ID: 58defc66ac83c283022b7e173e8cf2b0f3eeb76ed192817aa6bd5f6cdfb1ce5b
                                                                                                                                • Instruction ID: cfab668045c52ed45743fb06e064f7c36b2b4ccf318c894cc3183a25dcb6d12f
                                                                                                                                • Opcode Fuzzy Hash: 58defc66ac83c283022b7e173e8cf2b0f3eeb76ed192817aa6bd5f6cdfb1ce5b
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E7098F314(void* __ebx, int __edi, void* __esi, void* __eflags) {
                                                                                                                                				int _t140;
                                                                                                                                				int _t141;
                                                                                                                                				short* _t143;
                                                                                                                                				char* _t149;
                                                                                                                                				int _t151;
                                                                                                                                				int _t152;
                                                                                                                                				int _t153;
                                                                                                                                				void* _t160;
                                                                                                                                				intOrPtr _t161;
                                                                                                                                				short* _t172;
                                                                                                                                				short* _t180;
                                                                                                                                				short* _t184;
                                                                                                                                				signed int _t185;
                                                                                                                                				void* _t187;
                                                                                                                                				intOrPtr _t188;
                                                                                                                                				short* _t192;
                                                                                                                                				signed int _t193;
                                                                                                                                				intOrPtr _t196;
                                                                                                                                				char* _t200;
                                                                                                                                				int _t203;
                                                                                                                                				long _t205;
                                                                                                                                				int _t207;
                                                                                                                                				signed int _t227;
                                                                                                                                				void* _t228;
                                                                                                                                				signed int _t237;
                                                                                                                                				int _t239;
                                                                                                                                				void* _t240;
                                                                                                                                				intOrPtr _t241;
                                                                                                                                				intOrPtr _t243;
                                                                                                                                				void* _t246;
                                                                                                                                				void* _t259;
                                                                                                                                
                                                                                                                                				_t233 = __edi;
                                                                                                                                				_push(0x2c);
                                                                                                                                				_push(0x70993c40);
                                                                                                                                				E70989620(__ebx, __edi, __esi);
                                                                                                                                				_t236 =  *(_t240 + 0x24);
                                                                                                                                				_t207 = 0;
                                                                                                                                				_t246 =  *0x70997bc0 - _t207; // 0x1
                                                                                                                                				if(_t246 == 0) {
                                                                                                                                					_t233 = 1;
                                                                                                                                					if(LCMapStringW(0, 0x100, 0x70981e08, 1, 0, 0) == 0) {
                                                                                                                                						_t205 = GetLastError();
                                                                                                                                						__eflags = _t205 - 0x78;
                                                                                                                                						if(_t205 == 0x78) {
                                                                                                                                							 *0x70997bc0 = 2;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						 *0x70997bc0 = 1;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				if( *(_t240 + 0x18) <= _t207) {
                                                                                                                                					L13:
                                                                                                                                					_t140 =  *0x70997bc0; // 0x1
                                                                                                                                					if(_t140 == 2 || _t140 == _t207) {
                                                                                                                                						 *(_t240 - 0x2c) = _t207;
                                                                                                                                						_t233 = 0;
                                                                                                                                						 *(_t240 - 0x38) = _t207;
                                                                                                                                						 *(_t240 - 0x34) = _t207;
                                                                                                                                						__eflags =  *(_t240 + 0xc) - _t207;
                                                                                                                                						if( *(_t240 + 0xc) == _t207) {
                                                                                                                                							 *(_t240 + 0xc) =  *( *((intOrPtr*)( *((intOrPtr*)(_t240 + 8)))) + 0x14);
                                                                                                                                						}
                                                                                                                                						__eflags = _t236 - _t207;
                                                                                                                                						if(_t236 == _t207) {
                                                                                                                                							_t236 =  *( *((intOrPtr*)( *((intOrPtr*)(_t240 + 8)))) + 4);
                                                                                                                                							 *(_t240 + 0x24) = _t236;
                                                                                                                                						}
                                                                                                                                						_t141 = E7099168F(_t207, _t228, _t233, _t236,  *(_t240 + 0xc));
                                                                                                                                						 *(_t240 - 0x30) = _t141;
                                                                                                                                						__eflags = _t141 - 0xffffffff;
                                                                                                                                						if(_t141 != 0xffffffff) {
                                                                                                                                							__eflags =  *(_t240 - 0x30) - _t236;
                                                                                                                                							if( *(_t240 - 0x30) == _t236) {
                                                                                                                                								_t236 = LCMapStringA( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 + 0x14),  *(_t240 + 0x18),  *(_t240 + 0x1c),  *(_t240 + 0x20));
                                                                                                                                								L93:
                                                                                                                                								__eflags =  *(_t240 - 0x2c);
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									_push( *(_t240 - 0x2c));
                                                                                                                                									E70988AB7(_t207, _t233, _t236, __eflags);
                                                                                                                                								}
                                                                                                                                								_t143 =  *(_t240 - 0x38);
                                                                                                                                								__eflags = _t143;
                                                                                                                                								if(_t143 != 0) {
                                                                                                                                									__eflags =  *(_t240 + 0x1c) - _t143;
                                                                                                                                									if(__eflags != 0) {
                                                                                                                                										_push(_t143);
                                                                                                                                										E70988AB7(_t207, _t233, _t236, __eflags);
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								goto L99;
                                                                                                                                							}
                                                                                                                                							_t149 = E709916DD(_t236,  *(_t240 - 0x30),  *(_t240 + 0x14), _t240 + 0x18, _t207, _t207);
                                                                                                                                							_t243 = _t241 + 0x18;
                                                                                                                                							 *(_t240 - 0x2c) = _t149;
                                                                                                                                							__eflags = _t149 - _t207;
                                                                                                                                							if(_t149 == _t207) {
                                                                                                                                								goto L69;
                                                                                                                                							}
                                                                                                                                							_t151 = LCMapStringA( *(_t240 + 0xc),  *(_t240 + 0x10), _t149,  *(_t240 + 0x18), _t207, _t207);
                                                                                                                                							 *(_t240 - 0x28) = _t151;
                                                                                                                                							__eflags = _t151 - _t207;
                                                                                                                                							if(_t151 != _t207) {
                                                                                                                                								 *(_t240 - 4) = _t207;
                                                                                                                                								__eflags = _t151 - _t207;
                                                                                                                                								if(_t151 <= _t207) {
                                                                                                                                									L80:
                                                                                                                                									_t152 = 0;
                                                                                                                                									__eflags = 0;
                                                                                                                                									L81:
                                                                                                                                									_t233 = _t152;
                                                                                                                                									 *(_t240 - 0x3c) = _t233;
                                                                                                                                									 *(_t240 - 4) = 0xfffffffe;
                                                                                                                                									__eflags = _t233 - _t207;
                                                                                                                                									if(_t233 != _t207) {
                                                                                                                                										L85:
                                                                                                                                										_t153 = LCMapStringA( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x2c),  *(_t240 + 0x18), _t233,  *(_t240 - 0x28));
                                                                                                                                										 *(_t240 - 0x28) = _t153;
                                                                                                                                										__eflags = _t153 - _t207;
                                                                                                                                										if(_t153 == _t207) {
                                                                                                                                											goto L73;
                                                                                                                                										}
                                                                                                                                										_t237 = E709916DD( *(_t240 - 0x30),  *(_t240 + 0x24), _t233, _t240 - 0x28,  *(_t240 + 0x1c),  *(_t240 + 0x20));
                                                                                                                                										 *(_t240 - 0x38) = _t237;
                                                                                                                                										asm("sbb esi, esi");
                                                                                                                                										_t236 =  ~_t237 &  *(_t240 - 0x28);
                                                                                                                                										__eflags =  ~_t237 &  *(_t240 - 0x28);
                                                                                                                                										L87:
                                                                                                                                										__eflags =  *(_t240 - 0x34);
                                                                                                                                										if(__eflags == 0) {
                                                                                                                                											__eflags = _t233;
                                                                                                                                											if(_t233 == 0) {
                                                                                                                                												goto L93;
                                                                                                                                											}
                                                                                                                                											E7098F2EF(_t233);
                                                                                                                                											L91:
                                                                                                                                											goto L93;
                                                                                                                                										}
                                                                                                                                										_push(_t233);
                                                                                                                                										E70988AB7(_t207, _t233, _t236, __eflags);
                                                                                                                                										goto L91;
                                                                                                                                									} else {
                                                                                                                                										_t233 = E70988B9E(_t207, _t233,  *(_t240 - 0x28));
                                                                                                                                										__eflags = _t233 - _t207;
                                                                                                                                										if(_t233 == _t207) {
                                                                                                                                											goto L73;
                                                                                                                                										}
                                                                                                                                										E70989080(_t233, _t233, _t207,  *(_t240 - 0x28));
                                                                                                                                										_t243 = _t243 + 0xc;
                                                                                                                                										 *(_t240 - 0x34) = 1;
                                                                                                                                										goto L85;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								__eflags = _t151 - 0xffffffe0;
                                                                                                                                								if(_t151 > 0xffffffe0) {
                                                                                                                                									goto L80;
                                                                                                                                								}
                                                                                                                                								_t160 = _t151 + 8;
                                                                                                                                								__eflags = _t160 - 0x400;
                                                                                                                                								if(_t160 > 0x400) {
                                                                                                                                									_push(0xdddd);
                                                                                                                                									_t161 = E70988B9E(_t207, _t233, _t160);
                                                                                                                                								} else {
                                                                                                                                									E70989680(_t160);
                                                                                                                                									 *((intOrPtr*)(_t240 - 0x18)) = _t243;
                                                                                                                                									_t161 = _t243;
                                                                                                                                									_push(0xcccc);
                                                                                                                                								}
                                                                                                                                								_push(_t161);
                                                                                                                                								_t152 = E7098F2D4();
                                                                                                                                								goto L81;
                                                                                                                                							}
                                                                                                                                							L73:
                                                                                                                                							_t236 = 0;
                                                                                                                                							goto L87;
                                                                                                                                						} else {
                                                                                                                                							goto L69;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						if(_t140 != 1) {
                                                                                                                                							L69:
                                                                                                                                							L99:
                                                                                                                                							return E70989668(_t207, _t233, _t236);
                                                                                                                                						}
                                                                                                                                						 *(_t240 - 0x2c) = _t207;
                                                                                                                                						 *(_t240 - 0x24) = _t207;
                                                                                                                                						 *(_t240 - 0x34) = _t207;
                                                                                                                                						 *(_t240 - 0x28) = _t207;
                                                                                                                                						if(_t236 == _t207) {
                                                                                                                                							_t236 =  *( *((intOrPtr*)( *((intOrPtr*)(_t240 + 8)))) + 4);
                                                                                                                                							 *(_t240 + 0x24) = _t236;
                                                                                                                                						}
                                                                                                                                						_t233 = MultiByteToWideChar(_t236, 1 + (0 |  *((intOrPtr*)(_t240 + 0x28)) != _t207) * 8,  *(_t240 + 0x14),  *(_t240 + 0x18), _t207, _t207);
                                                                                                                                						 *(_t240 - 0x30) = _t233;
                                                                                                                                						_t259 = _t233 - _t207;
                                                                                                                                						if(_t259 == 0) {
                                                                                                                                							goto L69;
                                                                                                                                						} else {
                                                                                                                                							 *(_t240 - 4) = 1;
                                                                                                                                							if(_t259 <= 0) {
                                                                                                                                								L25:
                                                                                                                                								_t172 = 0;
                                                                                                                                								__eflags = 0;
                                                                                                                                								L26:
                                                                                                                                								 *(_t240 - 0x20) = _t172;
                                                                                                                                								_t236 = 0xfffffffe;
                                                                                                                                								 *(_t240 - 4) = _t236;
                                                                                                                                								if( *(_t240 - 0x20) != 0) {
                                                                                                                                									L30:
                                                                                                                                									if(MultiByteToWideChar( *(_t240 + 0x24), 1,  *(_t240 + 0x14),  *(_t240 + 0x18),  *(_t240 - 0x20), _t233) == 0) {
                                                                                                                                										L53:
                                                                                                                                										_t236 = 0;
                                                                                                                                										_t269 =  *(_t240 - 0x28);
                                                                                                                                										if( *(_t240 - 0x28) == 0) {
                                                                                                                                											__eflags =  *(_t240 - 0x24);
                                                                                                                                											if(__eflags == 0) {
                                                                                                                                												L58:
                                                                                                                                												_t270 =  *(_t240 - 0x34) - _t236;
                                                                                                                                												if( *(_t240 - 0x34) == _t236) {
                                                                                                                                													__eflags =  *(_t240 - 0x20) - _t236;
                                                                                                                                													if( *(_t240 - 0x20) == _t236) {
                                                                                                                                														L63:
                                                                                                                                														goto L99;
                                                                                                                                													}
                                                                                                                                													E7098F2EF( *(_t240 - 0x20));
                                                                                                                                													L62:
                                                                                                                                													goto L63;
                                                                                                                                												}
                                                                                                                                												_push( *(_t240 - 0x20));
                                                                                                                                												E70988AB7(_t207, _t233, _t236, _t270);
                                                                                                                                												goto L62;
                                                                                                                                											}
                                                                                                                                											E7098F2EF( *(_t240 - 0x24));
                                                                                                                                											L57:
                                                                                                                                											goto L58;
                                                                                                                                										}
                                                                                                                                										_push( *(_t240 - 0x24));
                                                                                                                                										E70988AB7(_t207, _t233, 0, _t269);
                                                                                                                                										goto L57;
                                                                                                                                									}
                                                                                                                                									_t207 = LCMapStringW( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x20), _t233, 0, 0);
                                                                                                                                									 *(_t240 - 0x2c) = _t207;
                                                                                                                                									if(_t207 == 0) {
                                                                                                                                										goto L53;
                                                                                                                                									}
                                                                                                                                									if(( *(_t240 + 0x10) & 0x00000400) == 0) {
                                                                                                                                										 *(_t240 - 4) = 2;
                                                                                                                                										__eflags = _t207;
                                                                                                                                										if(_t207 <= 0) {
                                                                                                                                											L42:
                                                                                                                                											_t180 = 0;
                                                                                                                                											__eflags = 0;
                                                                                                                                											L43:
                                                                                                                                											 *(_t240 - 0x24) = _t180;
                                                                                                                                											 *(_t240 - 4) = _t236;
                                                                                                                                											__eflags =  *(_t240 - 0x24);
                                                                                                                                											if( *(_t240 - 0x24) != 0) {
                                                                                                                                												_t239 = 0;
                                                                                                                                												__eflags = 0;
                                                                                                                                												goto L48;
                                                                                                                                											} else {
                                                                                                                                												_t184 = E70988B9E(_t207, _t233, _t207 + _t207);
                                                                                                                                												 *(_t240 - 0x24) = _t184;
                                                                                                                                												_t239 = 0;
                                                                                                                                												__eflags = _t184;
                                                                                                                                												if(__eflags == 0) {
                                                                                                                                													goto L53;
                                                                                                                                												}
                                                                                                                                												 *(_t240 - 0x28) = 1;
                                                                                                                                												L48:
                                                                                                                                												__eflags = LCMapStringW( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x20), _t233,  *(_t240 - 0x24), _t207);
                                                                                                                                												if(__eflags != 0) {
                                                                                                                                													_push(_t239);
                                                                                                                                													_push(_t239);
                                                                                                                                													__eflags =  *(_t240 + 0x20) - _t239;
                                                                                                                                													if(__eflags != 0) {
                                                                                                                                														_push( *(_t240 + 0x20));
                                                                                                                                														_push( *(_t240 + 0x1c));
                                                                                                                                													} else {
                                                                                                                                														_push(_t239);
                                                                                                                                														_push(_t239);
                                                                                                                                													}
                                                                                                                                													_t207 = WideCharToMultiByte( *(_t240 + 0x24), _t239,  *(_t240 - 0x24), _t207, ??, ??, ??, ??);
                                                                                                                                												}
                                                                                                                                												goto L53;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										_t185 = 0xffffffe0;
                                                                                                                                										__eflags = _t185 / _t207 - 2;
                                                                                                                                										if(_t185 / _t207 < 2) {
                                                                                                                                											goto L42;
                                                                                                                                										}
                                                                                                                                										_t61 = _t207 + 8; // 0x8
                                                                                                                                										_t187 = _t207 + _t61;
                                                                                                                                										__eflags = _t187 - 0x400;
                                                                                                                                										if(_t187 > 0x400) {
                                                                                                                                											_push(0xdddd);
                                                                                                                                											_t188 = E70988B9E(_t207, _t233, _t187);
                                                                                                                                										} else {
                                                                                                                                											E70989680(_t187);
                                                                                                                                											 *((intOrPtr*)(_t240 - 0x18)) = _t241;
                                                                                                                                											_t188 = _t241;
                                                                                                                                											_push(0xcccc);
                                                                                                                                										}
                                                                                                                                										_push(_t188);
                                                                                                                                										_t180 = E7098F2D4();
                                                                                                                                										goto L43;
                                                                                                                                									}
                                                                                                                                									if( *(_t240 + 0x20) != 0 && _t207 <=  *(_t240 + 0x20)) {
                                                                                                                                										LCMapStringW( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x20), _t233,  *(_t240 + 0x1c),  *(_t240 + 0x20));
                                                                                                                                									}
                                                                                                                                									goto L53;
                                                                                                                                								} else {
                                                                                                                                									_t192 = E70988B9E(_t207, _t233, _t233 + _t233);
                                                                                                                                									 *(_t240 - 0x20) = _t192;
                                                                                                                                									if(_t192 == 0) {
                                                                                                                                										goto L69;
                                                                                                                                									}
                                                                                                                                									 *(_t240 - 0x34) = 1;
                                                                                                                                									goto L30;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							_t193 = 0xffffffe0;
                                                                                                                                							if(_t193 / _t233 < 2) {
                                                                                                                                								goto L25;
                                                                                                                                							}
                                                                                                                                							_t29 = _t233 + 8; // 0x8
                                                                                                                                							_t195 = _t233 + _t29;
                                                                                                                                							if(_t233 + _t29 > 0x400) {
                                                                                                                                								_push(0xdddd);
                                                                                                                                								_t196 = E70988B9E(_t207, _t233, _t195);
                                                                                                                                							} else {
                                                                                                                                								E70989680(_t195);
                                                                                                                                								 *((intOrPtr*)(_t240 - 0x18)) = _t241;
                                                                                                                                								_t196 = _t241;
                                                                                                                                								_push(0xcccc);
                                                                                                                                							}
                                                                                                                                							_push(_t196);
                                                                                                                                							_t172 = E7098F2D4();
                                                                                                                                							goto L26;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				_t227 =  *(_t240 + 0x18);
                                                                                                                                				_t200 =  *(_t240 + 0x14);
                                                                                                                                				while(1) {
                                                                                                                                					_t227 = _t227 - 1;
                                                                                                                                					if( *_t200 == _t207) {
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					_t200 =  &(_t200[1]);
                                                                                                                                					if(_t227 != _t207) {
                                                                                                                                						continue;
                                                                                                                                					}
                                                                                                                                					_t227 = _t227 | 0xffffffff;
                                                                                                                                					break;
                                                                                                                                				}
                                                                                                                                				_t203 =  *(_t240 + 0x18) - _t227 - 1;
                                                                                                                                				if(_t203 <  *(_t240 + 0x18)) {
                                                                                                                                					_t203 = _t203 + 1;
                                                                                                                                				}
                                                                                                                                				 *(_t240 + 0x18) = _t203;
                                                                                                                                				goto L13;
                                                                                                                                			}


































                                                                                                                                0x7098f5a8
                                                                                                                                0x7098f5ae
                                                                                                                                0x7098f5b1
                                                                                                                                0x7098f5aa
                                                                                                                                0x7098f5aa
                                                                                                                                0x7098f5ab
                                                                                                                                0x7098f5ab
                                                                                                                                0x7098f5c2
                                                                                                                                0x7098f5c2
                                                                                                                                0x00000000
                                                                                                                                0x7098f5a1
                                                                                                                                0x7098f56b
                                                                                                                                0x7098f507
                                                                                                                                0x7098f50c
                                                                                                                                0x7098f50f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098f511
                                                                                                                                0x7098f511
                                                                                                                                0x7098f515
                                                                                                                                0x7098f517
                                                                                                                                0x7098f52a
                                                                                                                                0x7098f530
                                                                                                                                0x7098f519
                                                                                                                                0x7098f519
                                                                                                                                0x7098f51e
                                                                                                                                0x7098f521
                                                                                                                                0x7098f523
                                                                                                                                0x7098f523
                                                                                                                                0x7098f536
                                                                                                                                0x7098f537
                                                                                                                                0x00000000
                                                                                                                                0x7098f53d
                                                                                                                                0x7098f4d0
                                                                                                                                0x7098f4ef
                                                                                                                                0x7098f4ef
                                                                                                                                0x00000000
                                                                                                                                0x7098f468
                                                                                                                                0x7098f46c
                                                                                                                                0x7098f472
                                                                                                                                0x7098f477
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098f47d
                                                                                                                                0x00000000
                                                                                                                                0x7098f47d
                                                                                                                                0x7098f466
                                                                                                                                0x7098f3fd
                                                                                                                                0x7098f405
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098f407
                                                                                                                                0x7098f407
                                                                                                                                0x7098f410
                                                                                                                                0x7098f423
                                                                                                                                0x7098f429
                                                                                                                                0x7098f412
                                                                                                                                0x7098f412
                                                                                                                                0x7098f417
                                                                                                                                0x7098f41a
                                                                                                                                0x7098f41c
                                                                                                                                0x7098f41c
                                                                                                                                0x7098f42f
                                                                                                                                0x7098f430
                                                                                                                                0x00000000
                                                                                                                                0x7098f436
                                                                                                                                0x7098f3ec
                                                                                                                                0x7098f394
                                                                                                                                0x7098f36a
                                                                                                                                0x7098f36d
                                                                                                                                0x7098f370
                                                                                                                                0x7098f370
                                                                                                                                0x7098f373
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098f375
                                                                                                                                0x7098f378
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098f37a
                                                                                                                                0x00000000
                                                                                                                                0x7098f37a
                                                                                                                                0x7098f382
                                                                                                                                0x7098f386
                                                                                                                                0x7098f388
                                                                                                                                0x7098f388
                                                                                                                                0x7098f389
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,70981E08,00000001,00000000,00000000,70993C40,0000002C,7098F801,?,?,?,?,?,?,?), ref: 7098F33E
                                                                                                                                • GetLastError.KERNEL32 ref: 7098F350
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,70993C40,0000002C,7098F801,?,?,?,?,?,?,?), ref: 7098F3DF
                                                                                                                                • __alloca_probe_16.LIBCMT ref: 7098F412
                                                                                                                                • _malloc.LIBCMT ref: 7098F429
                                                                                                                                • _malloc.LIBCMT ref: 7098F46C
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 7098F493
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide_malloc$ErrorLastString__alloca_probe_16
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1250333920-0
                                                                                                                                • Opcode ID: 33a8197692df73bd966ff7f4a19180425de80b0e7e3bb49bc9a4be9a709cecbe
                                                                                                                                • Instruction ID: 005e2b68ea0a8f9e8c59e1cf6fdafadfcca5a4d51c588228f3c1573f63241b9e
                                                                                                                                • Opcode Fuzzy Hash: 33a8197692df73bd966ff7f4a19180425de80b0e7e3bb49bc9a4be9a709cecbe
                                                                                                                                • Instruction Fuzzy Hash: F8D17F72800219EFDF018FA4CC95ADE7BB9FB28714F20512AF506A63E0E7359D50DB62
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_clear_error.ADB ref: 0140CF20
                                                                                                                                  • Part of subcall function 014207E0: CRYPTO_get_thread_local.ADB(00000000,?,013FCB1D), ref: 014207E3
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,013FCB1D), ref: 014207F8
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142081E
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420845
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142086C
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420893
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208BA
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208E1
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420908
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420932
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420968
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 0142099E
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 014209D4
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420A0A
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420A40
                                                                                                                                • RSA_new_method.ADB(00000000), ref: 0140CF27
                                                                                                                                  • Part of subcall function 01409800: OPENSSL_malloc.ADB(00000060,?,?,?,014097F7,00000000), ref: 01409805
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140CF51
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 0140D01F
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c, xrefs: 0140D037, 0140D73E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$A_new_methodL_mallocN_num_bitsO_get_thread_localR_clear_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c
                                                                                                                                • API String ID: 816612221-1361718366
                                                                                                                                • Opcode ID: 6164cac8302fc668d178ff70c688afb344b857161ea4a389e1e5835dab058461
                                                                                                                                • Instruction ID: fa823cf3c5b192ba9dccae47d6738d852433440cdf735fd5b2221d077243cc29
                                                                                                                                • Opcode Fuzzy Hash: 6164cac8302fc668d178ff70c688afb344b857161ea4a389e1e5835dab058461
                                                                                                                                • Instruction Fuzzy Hash: 1961F4B1A003009FE751DF59D845B1BBBE0AF90714F09853EE94D5B3E6E7B1EA048B92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: G_newN_num_bits
                                                                                                                                • String ID: @$external/boringssl/src/crypto/fipsmodule/ecdsa/ecdsa.c
                                                                                                                                • API String ID: 1757241617-4093400402
                                                                                                                                • Opcode ID: e439e664626cfe2759551206164fb57aa86f9ba0fa55bf2bb1a60f88c319a8a9
                                                                                                                                • Instruction ID: 977aa9a320d0eabd16b19f4be7a7067265c74d707e0dae1311f839a272be3d5a
                                                                                                                                • Opcode Fuzzy Hash: e439e664626cfe2759551206164fb57aa86f9ba0fa55bf2bb1a60f88c319a8a9
                                                                                                                                • Instruction Fuzzy Hash: 75025DB19147C29BE3208F18C885BABB7E4BFE9318F104B1DE9C89B551E7F59644C782
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000090,external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c,00000246,?,?,?), ref: 0140AA34
                                                                                                                                • BN_num_bits.ADB(?,?,?), ref: 0140AA49
                                                                                                                                • OPENSSL_malloc.ADB(00000018,?,?,?), ref: 0140AA70
                                                                                                                                • OPENSSL_realloc.ADB(00000000,00000080,?,?,?), ref: 0140AAAE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocL_reallocN_num_bitsR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c
                                                                                                                                • API String ID: 1255681542-1361718366
                                                                                                                                • Opcode ID: 91ea3c5016968e852536271beed553d534e7fd858eca5eab1170483faaa37d57
                                                                                                                                • Instruction ID: 82ca26fa4c809de458b33a8d0f1c66b34314e526bb677a131cdb13a5a1b9f737
                                                                                                                                • Opcode Fuzzy Hash: 91ea3c5016968e852536271beed553d534e7fd858eca5eab1170483faaa37d57
                                                                                                                                • Instruction Fuzzy Hash: 4D5159B17403017BFB21AA16DD45F2B7AE8AF50708F14443EFA4E5B3E1E6B1E9418652
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 77%
                                                                                                                                			E7043B3B5(void* __ebx, int __edi, void* __esi, void* __eflags) {
                                                                                                                                				int _t140;
                                                                                                                                				int _t141;
                                                                                                                                				short* _t143;
                                                                                                                                				char* _t149;
                                                                                                                                				int _t151;
                                                                                                                                				int _t152;
                                                                                                                                				int _t153;
                                                                                                                                				void* _t160;
                                                                                                                                				intOrPtr _t161;
                                                                                                                                				short* _t172;
                                                                                                                                				short* _t180;
                                                                                                                                				short* _t184;
                                                                                                                                				signed int _t185;
                                                                                                                                				void* _t187;
                                                                                                                                				intOrPtr _t188;
                                                                                                                                				short* _t192;
                                                                                                                                				signed int _t193;
                                                                                                                                				intOrPtr _t196;
                                                                                                                                				char* _t200;
                                                                                                                                				int _t203;
                                                                                                                                				long _t205;
                                                                                                                                				int _t207;
                                                                                                                                				signed int _t227;
                                                                                                                                				void* _t228;
                                                                                                                                				signed int _t237;
                                                                                                                                				int _t239;
                                                                                                                                				void* _t240;
                                                                                                                                				intOrPtr _t241;
                                                                                                                                				intOrPtr _t243;
                                                                                                                                				void* _t246;
                                                                                                                                				void* _t259;
                                                                                                                                
                                                                                                                                				_t233 = __edi;
                                                                                                                                				_push(0x2c);
                                                                                                                                				_push(0x7043ca50);
                                                                                                                                				E704357B4(__ebx, __edi, __esi);
                                                                                                                                				_t236 =  *(_t240 + 0x24);
                                                                                                                                				_t207 = 0;
                                                                                                                                				_t246 =  *0x7043f884 - _t207; // 0x1
                                                                                                                                				if(_t246 == 0) {
                                                                                                                                					_t233 = 1;
                                                                                                                                					if(LCMapStringW(0, 0x100, 0x70432eb8, 1, 0, 0) == 0) {
                                                                                                                                						_t205 = GetLastError();
                                                                                                                                						__eflags = _t205 - 0x78;
                                                                                                                                						if(_t205 == 0x78) {
                                                                                                                                							 *0x7043f884 = 2;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						 *0x7043f884 = 1;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				if( *(_t240 + 0x18) <= _t207) {
                                                                                                                                					L13:
                                                                                                                                					_t140 =  *0x7043f884; // 0x1
                                                                                                                                					if(_t140 == 2 || _t140 == _t207) {
                                                                                                                                						 *(_t240 - 0x2c) = _t207;
                                                                                                                                						_t233 = 0;
                                                                                                                                						 *(_t240 - 0x38) = _t207;
                                                                                                                                						 *(_t240 - 0x34) = _t207;
                                                                                                                                						__eflags =  *(_t240 + 0xc) - _t207;
                                                                                                                                						if( *(_t240 + 0xc) == _t207) {
                                                                                                                                							 *(_t240 + 0xc) =  *( *((intOrPtr*)( *((intOrPtr*)(_t240 + 8)))) + 0x14);
                                                                                                                                						}
                                                                                                                                						__eflags = _t236 - _t207;
                                                                                                                                						if(_t236 == _t207) {
                                                                                                                                							_t236 =  *( *((intOrPtr*)( *((intOrPtr*)(_t240 + 8)))) + 4);
                                                                                                                                							 *(_t240 + 0x24) = _t236;
                                                                                                                                						}
                                                                                                                                						_t141 = E7043BA50(_t207, _t228, _t233, _t236,  *(_t240 + 0xc));
                                                                                                                                						 *(_t240 - 0x30) = _t141;
                                                                                                                                						__eflags = _t141 - 0xffffffff;
                                                                                                                                						if(_t141 != 0xffffffff) {
                                                                                                                                							__eflags =  *(_t240 - 0x30) - _t236;
                                                                                                                                							if( *(_t240 - 0x30) == _t236) {
                                                                                                                                								_t236 = LCMapStringA( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 + 0x14),  *(_t240 + 0x18),  *(_t240 + 0x1c),  *(_t240 + 0x20));
                                                                                                                                								L93:
                                                                                                                                								__eflags =  *(_t240 - 0x2c);
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									_push( *(_t240 - 0x2c));
                                                                                                                                									E70435202(_t207, _t233, _t236, __eflags);
                                                                                                                                								}
                                                                                                                                								_t143 =  *(_t240 - 0x38);
                                                                                                                                								__eflags = _t143;
                                                                                                                                								if(_t143 != 0) {
                                                                                                                                									__eflags =  *(_t240 + 0x1c) - _t143;
                                                                                                                                									if(__eflags != 0) {
                                                                                                                                										_push(_t143);
                                                                                                                                										E70435202(_t207, _t233, _t236, __eflags);
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								goto L99;
                                                                                                                                							}
                                                                                                                                							_t149 = E7043BA9E(_t236,  *(_t240 - 0x30),  *(_t240 + 0x14), _t240 + 0x18, _t207, _t207);
                                                                                                                                							_t243 = _t241 + 0x18;
                                                                                                                                							 *(_t240 - 0x2c) = _t149;
                                                                                                                                							__eflags = _t149 - _t207;
                                                                                                                                							if(_t149 == _t207) {
                                                                                                                                								goto L69;
                                                                                                                                							}
                                                                                                                                							_t151 = LCMapStringA( *(_t240 + 0xc),  *(_t240 + 0x10), _t149,  *(_t240 + 0x18), _t207, _t207);
                                                                                                                                							 *(_t240 - 0x28) = _t151;
                                                                                                                                							__eflags = _t151 - _t207;
                                                                                                                                							if(_t151 != _t207) {
                                                                                                                                								 *(_t240 - 4) = _t207;
                                                                                                                                								__eflags = _t151 - _t207;
                                                                                                                                								if(_t151 <= _t207) {
                                                                                                                                									L80:
                                                                                                                                									_t152 = 0;
                                                                                                                                									__eflags = 0;
                                                                                                                                									L81:
                                                                                                                                									_t233 = _t152;
                                                                                                                                									 *(_t240 - 0x3c) = _t233;
                                                                                                                                									 *(_t240 - 4) = 0xfffffffe;
                                                                                                                                									__eflags = _t233 - _t207;
                                                                                                                                									if(_t233 != _t207) {
                                                                                                                                										L85:
                                                                                                                                										_t153 = LCMapStringA( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x2c),  *(_t240 + 0x18), _t233,  *(_t240 - 0x28));
                                                                                                                                										 *(_t240 - 0x28) = _t153;
                                                                                                                                										__eflags = _t153 - _t207;
                                                                                                                                										if(_t153 == _t207) {
                                                                                                                                											goto L73;
                                                                                                                                										}
                                                                                                                                										_t237 = E7043BA9E( *(_t240 - 0x30),  *(_t240 + 0x24), _t233, _t240 - 0x28,  *(_t240 + 0x1c),  *(_t240 + 0x20));
                                                                                                                                										 *(_t240 - 0x38) = _t237;
                                                                                                                                										asm("sbb esi, esi");
                                                                                                                                										_t236 =  ~_t237 &  *(_t240 - 0x28);
                                                                                                                                										__eflags =  ~_t237 &  *(_t240 - 0x28);
                                                                                                                                										L87:
                                                                                                                                										__eflags =  *(_t240 - 0x34);
                                                                                                                                										if(__eflags == 0) {
                                                                                                                                											__eflags = _t233;
                                                                                                                                											if(_t233 == 0) {
                                                                                                                                												goto L93;
                                                                                                                                											}
                                                                                                                                											E7043B0EA(_t233);
                                                                                                                                											L91:
                                                                                                                                											goto L93;
                                                                                                                                										}
                                                                                                                                										_push(_t233);
                                                                                                                                										E70435202(_t207, _t233, _t236, __eflags);
                                                                                                                                										goto L91;
                                                                                                                                									} else {
                                                                                                                                										_t233 = E70435133(_t207, _t233,  *(_t240 - 0x28));
                                                                                                                                										__eflags = _t233 - _t207;
                                                                                                                                										if(_t233 == _t207) {
                                                                                                                                											goto L73;
                                                                                                                                										}
                                                                                                                                										E70435060(_t233, _t233, _t207,  *(_t240 - 0x28));
                                                                                                                                										_t243 = _t243 + 0xc;
                                                                                                                                										 *(_t240 - 0x34) = 1;
                                                                                                                                										goto L85;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								__eflags = _t151 - 0xffffffe0;
                                                                                                                                								if(_t151 > 0xffffffe0) {
                                                                                                                                									goto L80;
                                                                                                                                								}
                                                                                                                                								_t160 = _t151 + 8;
                                                                                                                                								__eflags = _t160 - 0x400;
                                                                                                                                								if(_t160 > 0x400) {
                                                                                                                                									_push(0xdddd);
                                                                                                                                									_t161 = E70435133(_t207, _t233, _t160);
                                                                                                                                								} else {
                                                                                                                                									E70435810(_t160);
                                                                                                                                									 *((intOrPtr*)(_t240 - 0x18)) = _t243;
                                                                                                                                									_t161 = _t243;
                                                                                                                                									_push(0xcccc);
                                                                                                                                								}
                                                                                                                                								_push(_t161);
                                                                                                                                								_t152 = E7043B0CF();
                                                                                                                                								goto L81;
                                                                                                                                							}
                                                                                                                                							L73:
                                                                                                                                							_t236 = 0;
                                                                                                                                							goto L87;
                                                                                                                                						} else {
                                                                                                                                							goto L69;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						if(_t140 != 1) {
                                                                                                                                							L69:
                                                                                                                                							L99:
                                                                                                                                							return E704357FC(_t207, _t233, _t236);
                                                                                                                                						}
                                                                                                                                						 *(_t240 - 0x2c) = _t207;
                                                                                                                                						 *(_t240 - 0x24) = _t207;
                                                                                                                                						 *(_t240 - 0x34) = _t207;
                                                                                                                                						 *(_t240 - 0x28) = _t207;
                                                                                                                                						if(_t236 == _t207) {
                                                                                                                                							_t236 =  *( *((intOrPtr*)( *((intOrPtr*)(_t240 + 8)))) + 4);
                                                                                                                                							 *(_t240 + 0x24) = _t236;
                                                                                                                                						}
                                                                                                                                						_t233 = MultiByteToWideChar(_t236, 1 + (0 |  *((intOrPtr*)(_t240 + 0x28)) != _t207) * 8,  *(_t240 + 0x14),  *(_t240 + 0x18), _t207, _t207);
                                                                                                                                						 *(_t240 - 0x30) = _t233;
                                                                                                                                						_t259 = _t233 - _t207;
                                                                                                                                						if(_t259 == 0) {
                                                                                                                                							goto L69;
                                                                                                                                						} else {
                                                                                                                                							 *(_t240 - 4) = 1;
                                                                                                                                							if(_t259 <= 0) {
                                                                                                                                								L25:
                                                                                                                                								_t172 = 0;
                                                                                                                                								__eflags = 0;
                                                                                                                                								L26:
                                                                                                                                								 *(_t240 - 0x20) = _t172;
                                                                                                                                								_t236 = 0xfffffffe;
                                                                                                                                								 *(_t240 - 4) = _t236;
                                                                                                                                								if( *(_t240 - 0x20) != 0) {
                                                                                                                                									L30:
                                                                                                                                									if(MultiByteToWideChar( *(_t240 + 0x24), 1,  *(_t240 + 0x14),  *(_t240 + 0x18),  *(_t240 - 0x20), _t233) == 0) {
                                                                                                                                										L53:
                                                                                                                                										_t236 = 0;
                                                                                                                                										_t269 =  *(_t240 - 0x28);
                                                                                                                                										if( *(_t240 - 0x28) == 0) {
                                                                                                                                											__eflags =  *(_t240 - 0x24);
                                                                                                                                											if(__eflags == 0) {
                                                                                                                                												L58:
                                                                                                                                												_t270 =  *(_t240 - 0x34) - _t236;
                                                                                                                                												if( *(_t240 - 0x34) == _t236) {
                                                                                                                                													__eflags =  *(_t240 - 0x20) - _t236;
                                                                                                                                													if( *(_t240 - 0x20) == _t236) {
                                                                                                                                														L63:
                                                                                                                                														goto L99;
                                                                                                                                													}
                                                                                                                                													E7043B0EA( *(_t240 - 0x20));
                                                                                                                                													L62:
                                                                                                                                													goto L63;
                                                                                                                                												}
                                                                                                                                												_push( *(_t240 - 0x20));
                                                                                                                                												E70435202(_t207, _t233, _t236, _t270);
                                                                                                                                												goto L62;
                                                                                                                                											}
                                                                                                                                											E7043B0EA( *(_t240 - 0x24));
                                                                                                                                											L57:
                                                                                                                                											goto L58;
                                                                                                                                										}
                                                                                                                                										_push( *(_t240 - 0x24));
                                                                                                                                										E70435202(_t207, _t233, 0, _t269);
                                                                                                                                										goto L57;
                                                                                                                                									}
                                                                                                                                									_t207 = LCMapStringW( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x20), _t233, 0, 0);
                                                                                                                                									 *(_t240 - 0x2c) = _t207;
                                                                                                                                									if(_t207 == 0) {
                                                                                                                                										goto L53;
                                                                                                                                									}
                                                                                                                                									if(( *(_t240 + 0x10) & 0x00000400) == 0) {
                                                                                                                                										 *(_t240 - 4) = 2;
                                                                                                                                										__eflags = _t207;
                                                                                                                                										if(_t207 <= 0) {
                                                                                                                                											L42:
                                                                                                                                											_t180 = 0;
                                                                                                                                											__eflags = 0;
                                                                                                                                											L43:
                                                                                                                                											 *(_t240 - 0x24) = _t180;
                                                                                                                                											 *(_t240 - 4) = _t236;
                                                                                                                                											__eflags =  *(_t240 - 0x24);
                                                                                                                                											if( *(_t240 - 0x24) != 0) {
                                                                                                                                												_t239 = 0;
                                                                                                                                												__eflags = 0;
                                                                                                                                												goto L48;
                                                                                                                                											} else {
                                                                                                                                												_t184 = E70435133(_t207, _t233, _t207 + _t207);
                                                                                                                                												 *(_t240 - 0x24) = _t184;
                                                                                                                                												_t239 = 0;
                                                                                                                                												__eflags = _t184;
                                                                                                                                												if(__eflags == 0) {
                                                                                                                                													goto L53;
                                                                                                                                												}
                                                                                                                                												 *(_t240 - 0x28) = 1;
                                                                                                                                												L48:
                                                                                                                                												__eflags = LCMapStringW( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x20), _t233,  *(_t240 - 0x24), _t207);
                                                                                                                                												if(__eflags != 0) {
                                                                                                                                													_push(_t239);
                                                                                                                                													_push(_t239);
                                                                                                                                													__eflags =  *(_t240 + 0x20) - _t239;
                                                                                                                                													if(__eflags != 0) {
                                                                                                                                														_push( *(_t240 + 0x20));
                                                                                                                                														_push( *(_t240 + 0x1c));
                                                                                                                                													} else {
                                                                                                                                														_push(_t239);
                                                                                                                                														_push(_t239);
                                                                                                                                													}
                                                                                                                                													_t207 = WideCharToMultiByte( *(_t240 + 0x24), _t239,  *(_t240 - 0x24), _t207, ??, ??, ??, ??);
                                                                                                                                												}
                                                                                                                                												goto L53;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										_t185 = 0xffffffe0;
                                                                                                                                										__eflags = _t185 / _t207 - 2;
                                                                                                                                										if(_t185 / _t207 < 2) {
                                                                                                                                											goto L42;
                                                                                                                                										}
                                                                                                                                										_t61 = _t207 + 8; // 0x8
                                                                                                                                										_t187 = _t207 + _t61;
                                                                                                                                										__eflags = _t187 - 0x400;
                                                                                                                                										if(_t187 > 0x400) {
                                                                                                                                											_push(0xdddd);
                                                                                                                                											_t188 = E70435133(_t207, _t233, _t187);
                                                                                                                                										} else {
                                                                                                                                											E70435810(_t187);
                                                                                                                                											 *((intOrPtr*)(_t240 - 0x18)) = _t241;
                                                                                                                                											_t188 = _t241;
                                                                                                                                											_push(0xcccc);
                                                                                                                                										}
                                                                                                                                										_push(_t188);
                                                                                                                                										_t180 = E7043B0CF();
                                                                                                                                										goto L43;
                                                                                                                                									}
                                                                                                                                									if( *(_t240 + 0x20) != 0 && _t207 <=  *(_t240 + 0x20)) {
                                                                                                                                										LCMapStringW( *(_t240 + 0xc),  *(_t240 + 0x10),  *(_t240 - 0x20), _t233,  *(_t240 + 0x1c),  *(_t240 + 0x20));
                                                                                                                                									}
                                                                                                                                									goto L53;
                                                                                                                                								} else {
                                                                                                                                									_t192 = E70435133(_t207, _t233, _t233 + _t233);
                                                                                                                                									 *(_t240 - 0x20) = _t192;
                                                                                                                                									if(_t192 == 0) {
                                                                                                                                										goto L69;
                                                                                                                                									}
                                                                                                                                									 *(_t240 - 0x34) = 1;
                                                                                                                                									goto L30;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							_t193 = 0xffffffe0;
                                                                                                                                							if(_t193 / _t233 < 2) {
                                                                                                                                								goto L25;
                                                                                                                                							}
                                                                                                                                							_t29 = _t233 + 8; // 0x8
                                                                                                                                							_t195 = _t233 + _t29;
                                                                                                                                							if(_t233 + _t29 > 0x400) {
                                                                                                                                								_push(0xdddd);
                                                                                                                                								_t196 = E70435133(_t207, _t233, _t195);
                                                                                                                                							} else {
                                                                                                                                								E70435810(_t195);
                                                                                                                                								 *((intOrPtr*)(_t240 - 0x18)) = _t241;
                                                                                                                                								_t196 = _t241;
                                                                                                                                								_push(0xcccc);
                                                                                                                                							}
                                                                                                                                							_push(_t196);
                                                                                                                                							_t172 = E7043B0CF();
                                                                                                                                							goto L26;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				_t227 =  *(_t240 + 0x18);
                                                                                                                                				_t200 =  *(_t240 + 0x14);
                                                                                                                                				while(1) {
                                                                                                                                					_t227 = _t227 - 1;
                                                                                                                                					if( *_t200 == _t207) {
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					_t200 =  &(_t200[1]);
                                                                                                                                					if(_t227 != _t207) {
                                                                                                                                						continue;
                                                                                                                                					}
                                                                                                                                					_t227 = _t227 | 0xffffffff;
                                                                                                                                					break;
                                                                                                                                				}
                                                                                                                                				_t203 =  *(_t240 + 0x18) - _t227 - 1;
                                                                                                                                				if(_t203 <  *(_t240 + 0x18)) {
                                                                                                                                					_t203 = _t203 + 1;
                                                                                                                                				}
                                                                                                                                				 *(_t240 + 0x18) = _t203;
                                                                                                                                				goto L13;
                                                                                                                                			}


































                                                                                                                                0x7043b409
                                                                                                                                0x7043b42d
                                                                                                                                0x7043b42d
                                                                                                                                0x7043b435
                                                                                                                                0x7043b6a8
                                                                                                                                0x7043b6ab
                                                                                                                                0x7043b6ad
                                                                                                                                0x7043b6b0
                                                                                                                                0x7043b6b3
                                                                                                                                0x7043b6b6
                                                                                                                                0x7043b6c0
                                                                                                                                0x7043b6c0
                                                                                                                                0x7043b6c3
                                                                                                                                0x7043b6c5
                                                                                                                                0x7043b6cc
                                                                                                                                0x7043b6cf
                                                                                                                                0x7043b6cf
                                                                                                                                0x7043b6d5
                                                                                                                                0x7043b6db
                                                                                                                                0x7043b6de
                                                                                                                                0x7043b6e1
                                                                                                                                0x7043b6ea
                                                                                                                                0x7043b6ed
                                                                                                                                0x7043b83a
                                                                                                                                0x7043b83c
                                                                                                                                0x7043b83c
                                                                                                                                0x7043b840
                                                                                                                                0x7043b842
                                                                                                                                0x7043b845
                                                                                                                                0x7043b84a
                                                                                                                                0x7043b84b
                                                                                                                                0x7043b84e
                                                                                                                                0x7043b850
                                                                                                                                0x7043b852
                                                                                                                                0x7043b855
                                                                                                                                0x7043b857
                                                                                                                                0x7043b858
                                                                                                                                0x7043b85d
                                                                                                                                0x7043b855
                                                                                                                                0x00000000
                                                                                                                                0x7043b85e
                                                                                                                                0x7043b700
                                                                                                                                0x7043b705
                                                                                                                                0x7043b708
                                                                                                                                0x7043b70b
                                                                                                                                0x7043b70d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043b71b
                                                                                                                                0x7043b721
                                                                                                                                0x7043b724
                                                                                                                                0x7043b726
                                                                                                                                0x7043b72f
                                                                                                                                0x7043b732
                                                                                                                                0x7043b734
                                                                                                                                0x7043b76c
                                                                                                                                0x7043b76c
                                                                                                                                0x7043b76c
                                                                                                                                0x7043b76e
                                                                                                                                0x7043b76e
                                                                                                                                0x7043b770
                                                                                                                                0x7043b773
                                                                                                                                0x7043b796
                                                                                                                                0x7043b798
                                                                                                                                0x7043b7c1
                                                                                                                                0x7043b7d1
                                                                                                                                0x7043b7d7
                                                                                                                                0x7043b7da
                                                                                                                                0x7043b7dc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043b7fb
                                                                                                                                0x7043b7fd
                                                                                                                                0x7043b802
                                                                                                                                0x7043b804
                                                                                                                                0x7043b804
                                                                                                                                0x7043b807
                                                                                                                                0x7043b807
                                                                                                                                0x7043b80b
                                                                                                                                0x7043b815
                                                                                                                                0x7043b817
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043b81a
                                                                                                                                0x7043b81f
                                                                                                                                0x00000000
                                                                                                                                0x7043b81f
                                                                                                                                0x7043b80d
                                                                                                                                0x7043b80e
                                                                                                                                0x00000000
                                                                                                                                0x7043b79a
                                                                                                                                0x7043b7a3
                                                                                                                                0x7043b7a5
                                                                                                                                0x7043b7a7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043b7b2
                                                                                                                                0x7043b7b7
                                                                                                                                0x7043b7ba
                                                                                                                                0x00000000
                                                                                                                                0x7043b7ba
                                                                                                                                0x7043b798
                                                                                                                                0x7043b736
                                                                                                                                0x7043b739
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043b73b
                                                                                                                                0x7043b73e
                                                                                                                                0x7043b743
                                                                                                                                0x7043b756
                                                                                                                                0x7043b75c
                                                                                                                                0x7043b745
                                                                                                                                0x7043b745
                                                                                                                                0x7043b74a
                                                                                                                                0x7043b74d
                                                                                                                                0x7043b74f
                                                                                                                                0x7043b74f
                                                                                                                                0x7043b762
                                                                                                                                0x7043b763
                                                                                                                                0x00000000
                                                                                                                                0x7043b769
                                                                                                                                0x7043b728
                                                                                                                                0x7043b728
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043b443
                                                                                                                                0x7043b446
                                                                                                                                0x7043b6e3
                                                                                                                                0x7043b860
                                                                                                                                0x7043b868
                                                                                                                                0x7043b868
                                                                                                                                0x7043b44c
                                                                                                                                0x7043b44f
                                                                                                                                0x7043b452
                                                                                                                                0x7043b455
                                                                                                                                0x7043b45a
                                                                                                                                0x7043b461
                                                                                                                                0x7043b464
                                                                                                                                0x7043b464
                                                                                                                                0x7043b486
                                                                                                                                0x7043b488
                                                                                                                                0x7043b48b
                                                                                                                                0x7043b48d
                                                                                                                                0x00000000
                                                                                                                                0x7043b493
                                                                                                                                0x7043b493
                                                                                                                                0x7043b49a
                                                                                                                                0x7043b4da
                                                                                                                                0x7043b4da
                                                                                                                                0x7043b4da
                                                                                                                                0x7043b4dc
                                                                                                                                0x7043b4dc
                                                                                                                                0x7043b4e1
                                                                                                                                0x7043b4e2
                                                                                                                                0x7043b507
                                                                                                                                0x7043b525
                                                                                                                                0x7043b53c
                                                                                                                                0x7043b665
                                                                                                                                0x7043b665
                                                                                                                                0x7043b667
                                                                                                                                0x7043b66a
                                                                                                                                0x7043b676
                                                                                                                                0x7043b679
                                                                                                                                0x7043b684
                                                                                                                                0x7043b684
                                                                                                                                0x7043b687
                                                                                                                                0x7043b693
                                                                                                                                0x7043b696
                                                                                                                                0x7043b6a1
                                                                                                                                0x00000000
                                                                                                                                0x7043b6a1
                                                                                                                                0x7043b69b
                                                                                                                                0x7043b6a0
                                                                                                                                0x00000000
                                                                                                                                0x7043b6a0
                                                                                                                                0x7043b689
                                                                                                                                0x7043b68c
                                                                                                                                0x00000000
                                                                                                                                0x7043b68c
                                                                                                                                0x7043b67e
                                                                                                                                0x7043b683
                                                                                                                                0x00000000
                                                                                                                                0x7043b683
                                                                                                                                0x7043b66c
                                                                                                                                0x7043b66f
                                                                                                                                0x00000000
                                                                                                                                0x7043b66f
                                                                                                                                0x7043b556
                                                                                                                                0x7043b558
                                                                                                                                0x7043b55d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043b56b
                                                                                                                                0x7043b59b
                                                                                                                                0x7043b5a2
                                                                                                                                0x7043b5a4
                                                                                                                                0x7043b5e1
                                                                                                                                0x7043b5e1
                                                                                                                                0x7043b5e1

                                                                                                                                APIs
                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,70432EB8,00000001,00000000,00000000,7043CA50,0000002C,7043B8A2,?,?,?,?,?,?,?), ref: 7043B3DF
                                                                                                                                • GetLastError.KERNEL32 ref: 7043B3F1
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,7043CA50,0000002C,7043B8A2,?,?,?,?,?,?,?), ref: 7043B480
                                                                                                                                • _malloc.LIBCMT ref: 7043B4CA
                                                                                                                                • _malloc.LIBCMT ref: 7043B50D
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 7043B534
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide_malloc$ErrorLastString
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1021763555-0
                                                                                                                                • Opcode ID: e13db578a9ff4b863e2f0cd867047bfdd79e40ad76347ae49a3b8a0021501265
                                                                                                                                • Instruction ID: c56bed65876098f0915332a99188e2606817f35384bfb9d7e60a11c2b2e92ff8
                                                                                                                                • Opcode Fuzzy Hash: e13db578a9ff4b863e2f0cd867047bfdd79e40ad76347ae49a3b8a0021501265
                                                                                                                                • Instruction Fuzzy Hash: FAD18F72900219EFDF029FA0CD86BDEFBB5EB0C314F606129F616B6261C7398950DB95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000077,external/boringssl/src/crypto/fipsmodule/bn/prime.c,0000031E), ref: 013EFE12
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/prime.c, xrefs: 013EFE07
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/prime.c
                                                                                                                                • API String ID: 1767461275-1767484530
                                                                                                                                • Opcode ID: 34094f9c5e380e06a0e221324e6a721dc2a9d443860cf89a97e8714f1e9ebeec
                                                                                                                                • Instruction ID: dfd1eb734529f3f956d6e793e8d14e5a4a7c9d32f487ab80763fec46610d55c9
                                                                                                                                • Opcode Fuzzy Hash: 34094f9c5e380e06a0e221324e6a721dc2a9d443860cf89a97e8714f1e9ebeec
                                                                                                                                • Instruction Fuzzy Hash: 3D81D9B16043019BEB149E5DD848B2BB7E9AF9474CF08452CFE4D87392E7B1E810CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmp
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/oct.c
                                                                                                                                • API String ID: 2811770509-1227443160
                                                                                                                                • Opcode ID: 562f37be22183a0db7f6f1b42437edf61661faa648ac48735a3bf9fae07cdd80
                                                                                                                                • Instruction ID: 352a6a8535099ab1d4fe5c85d74a60daa729e735a0b9caf8a9f5160e795cce7c
                                                                                                                                • Opcode Fuzzy Hash: 562f37be22183a0db7f6f1b42437edf61661faa648ac48735a3bf9fae07cdd80
                                                                                                                                • Instruction Fuzzy Hash: DB61E2B1A08301AFE7229F1ADC41B2FBBE4AF90784F04443EF989573A1D771E9458B52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 60%
                                                                                                                                			E7099148A(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                				void* _v8;
                                                                                                                                				char _v12;
                                                                                                                                				char _v16;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				char _v24;
                                                                                                                                				signed int _v28;
                                                                                                                                				char _v36;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				intOrPtr _t27;
                                                                                                                                				intOrPtr _t28;
                                                                                                                                				signed int _t32;
                                                                                                                                				intOrPtr _t33;
                                                                                                                                				intOrPtr* _t36;
                                                                                                                                				signed int _t37;
                                                                                                                                				signed int _t39;
                                                                                                                                				intOrPtr* _t41;
                                                                                                                                				signed int _t42;
                                                                                                                                				_Unknown_base(*)()* _t44;
                                                                                                                                				intOrPtr _t46;
                                                                                                                                				intOrPtr _t48;
                                                                                                                                				signed int _t52;
                                                                                                                                				signed int _t54;
                                                                                                                                				void* _t62;
                                                                                                                                				void* _t63;
                                                                                                                                				void* _t67;
                                                                                                                                				void* _t70;
                                                                                                                                				struct HINSTANCE__* _t71;
                                                                                                                                				intOrPtr _t72;
                                                                                                                                				intOrPtr* _t74;
                                                                                                                                				intOrPtr _t76;
                                                                                                                                
                                                                                                                                				_t70 = __edx;
                                                                                                                                				_v20 = E70989D45();
                                                                                                                                				_v8 = 0;
                                                                                                                                				_v12 = 0;
                                                                                                                                				_v16 = 0;
                                                                                                                                				_t76 =  *0x70997bdc; // 0x0
                                                                                                                                				if(_t76 != 0) {
                                                                                                                                					L9:
                                                                                                                                					_t27 =  *0x70997be8; // 0x0
                                                                                                                                					_t72 = _v20;
                                                                                                                                					__eflags = _t27 - _t72;
                                                                                                                                					if(_t27 == _t72) {
                                                                                                                                						L19:
                                                                                                                                						_t28 =  *0x70997be0; // 0x0
                                                                                                                                						__eflags = _t28 - _t72;
                                                                                                                                						if(_t28 != _t72) {
                                                                                                                                							_t32 =  *((intOrPtr*)(E70989D53(_t28)))();
                                                                                                                                							_v8 = _t32;
                                                                                                                                							__eflags = _t32;
                                                                                                                                							if(_t32 != 0) {
                                                                                                                                								_t33 =  *0x70997be4; // 0x0
                                                                                                                                								__eflags = _t33 - _t72;
                                                                                                                                								if(_t33 != _t72) {
                                                                                                                                									_push(_v8);
                                                                                                                                									_v8 =  *((intOrPtr*)(E70989D53(_t33)))();
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						L23:
                                                                                                                                						_push(_a12);
                                                                                                                                						_push(_a8);
                                                                                                                                						_push(_a4);
                                                                                                                                						_push(_v8);
                                                                                                                                						return  *((intOrPtr*)(E70989D53( *0x70997bdc)))();
                                                                                                                                					}
                                                                                                                                					__eflags =  *0x70997bec - _t72; // 0x0
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						goto L19;
                                                                                                                                					}
                                                                                                                                					_t36 = E70989D53(_t27);
                                                                                                                                					_pop(_t62);
                                                                                                                                					_t37 =  *_t36();
                                                                                                                                					__eflags = _t37;
                                                                                                                                					if(_t37 == 0) {
                                                                                                                                						L14:
                                                                                                                                						_t39 = E70989AB1(_t62,  &_v16);
                                                                                                                                						_pop(_t63);
                                                                                                                                						__eflags = _t39;
                                                                                                                                						if(_t39 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7098C94B(0, _t63, _t70, _t71, _t72);
                                                                                                                                						}
                                                                                                                                						__eflags = _v16 - 4;
                                                                                                                                						if(_v16 < 4) {
                                                                                                                                							_a12 = _a12 | 0x00040000;
                                                                                                                                						} else {
                                                                                                                                							_a12 = _a12 | 0x00200000;
                                                                                                                                						}
                                                                                                                                						goto L23;
                                                                                                                                					}
                                                                                                                                					_t41 = E70989D53( *0x70997bec);
                                                                                                                                					_t62 = _t37;
                                                                                                                                					_t42 =  *_t41(1,  &_v36, 0xc,  &_v24);
                                                                                                                                					__eflags = _t42;
                                                                                                                                					if(_t42 == 0) {
                                                                                                                                						goto L14;
                                                                                                                                					}
                                                                                                                                					__eflags = _v28 & 0x00000001;
                                                                                                                                					if((_v28 & 0x00000001) != 0) {
                                                                                                                                						goto L19;
                                                                                                                                					}
                                                                                                                                					goto L14;
                                                                                                                                				}
                                                                                                                                				_t71 = LoadLibraryExA("USER32.DLL", 0, 0);
                                                                                                                                				if(_t71 != 0) {
                                                                                                                                					_t44 = GetProcAddress(_t71, "MessageBoxA");
                                                                                                                                					__eflags = _t44;
                                                                                                                                					if(_t44 == 0) {
                                                                                                                                						goto L2;
                                                                                                                                					} else {
                                                                                                                                						_t46 = E70989CCD(_t44);
                                                                                                                                						 *_t74 = "GetActiveWindow";
                                                                                                                                						 *0x70997bdc = _t46;
                                                                                                                                						_t48 = E70989CCD(GetProcAddress(??, ??));
                                                                                                                                						 *_t74 = "GetLastActivePopup";
                                                                                                                                						 *0x70997be0 = _t48;
                                                                                                                                						 *0x70997be4 = E70989CCD(GetProcAddress(_t71, _t71));
                                                                                                                                						_t52 = E70989A70( &_v12);
                                                                                                                                						_pop(_t67);
                                                                                                                                						__eflags = _t52;
                                                                                                                                						if(_t52 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7098C94B(0, _t67, _t70, _t71, GetProcAddress);
                                                                                                                                							_t74 = _t74 + 0x14;
                                                                                                                                						}
                                                                                                                                						__eflags = _v12 - 2;
                                                                                                                                						if(_v12 == 2) {
                                                                                                                                							_t54 = E70989CCD(GetProcAddress(_t71, "GetUserObjectInformationA"));
                                                                                                                                							 *0x70997bec = _t54;
                                                                                                                                							__eflags = _t54;
                                                                                                                                							if(_t54 != 0) {
                                                                                                                                								 *0x70997be8 = E70989CCD(GetProcAddress(_t71, "GetProcessWindowStation"));
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				L2:
                                                                                                                                				return 0;
                                                                                                                                			}

                                                                                                                                0x70991535
                                                                                                                                0x709914de
                                                                                                                                0x709914c7
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • LoadLibraryExA.KERNEL32(USER32.DLL,00000000,00000000,00000314,70997888,00000000,?,?,?,?,7098E704,70997888,Microsoft Visual C++ Runtime Library,00012010), ref: 709914BB
                                                                                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 709914DA
                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 709914F3
                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 70991508
                                                                                                                                • __get_wpgmptr.LIBCMT ref: 70991519
                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 7099153D
                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 70991555
                                                                                                                                • __get_amblksiz.LIBCMT ref: 709915AD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc$LibraryLoad__get_amblksiz__get_wpgmptr
                                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                                • API String ID: 2538533512-232180764
                                                                                                                                • Opcode ID: 11d6dd3479caacb688045b85a428c3a635a3269d7d71cff4d6b18354d5aeb655
                                                                                                                                • Instruction ID: 23c816514f5ac0461f817d5f328c9280ea79c464333997633c2765b8b9e9d181
                                                                                                                                • Opcode Fuzzy Hash: 11d6dd3479caacb688045b85a428c3a635a3269d7d71cff4d6b18354d5aeb655
                                                                                                                                • Instruction Fuzzy Hash: 88419872D24214EECB01DFB6DC85A5E7BBCBB84214B25042EF416E63D0DB35EA409B97
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 60%
                                                                                                                                			E7043A964(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                				void* _v8;
                                                                                                                                				char _v12;
                                                                                                                                				char _v16;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				char _v24;
                                                                                                                                				signed int _v28;
                                                                                                                                				char _v36;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				intOrPtr _t27;
                                                                                                                                				intOrPtr _t28;
                                                                                                                                				signed int _t32;
                                                                                                                                				intOrPtr _t33;
                                                                                                                                				intOrPtr* _t36;
                                                                                                                                				signed int _t37;
                                                                                                                                				signed int _t39;
                                                                                                                                				intOrPtr* _t41;
                                                                                                                                				signed int _t42;
                                                                                                                                				_Unknown_base(*)()* _t44;
                                                                                                                                				intOrPtr _t46;
                                                                                                                                				intOrPtr _t48;
                                                                                                                                				signed int _t52;
                                                                                                                                				signed int _t54;
                                                                                                                                				void* _t62;
                                                                                                                                				void* _t63;
                                                                                                                                				void* _t67;
                                                                                                                                				void* _t70;
                                                                                                                                				struct HINSTANCE__* _t71;
                                                                                                                                				intOrPtr _t72;
                                                                                                                                				intOrPtr* _t74;
                                                                                                                                				intOrPtr _t76;
                                                                                                                                
                                                                                                                                				_t70 = __edx;
                                                                                                                                				_v20 = E70435EDB();
                                                                                                                                				_v8 = 0;
                                                                                                                                				_v12 = 0;
                                                                                                                                				_v16 = 0;
                                                                                                                                				_t76 =  *0x7043f864; // 0x0
                                                                                                                                				if(_t76 != 0) {
                                                                                                                                					L9:
                                                                                                                                					_t27 =  *0x7043f870; // 0x0
                                                                                                                                					_t72 = _v20;
                                                                                                                                					__eflags = _t27 - _t72;
                                                                                                                                					if(_t27 == _t72) {
                                                                                                                                						L19:
                                                                                                                                						_t28 =  *0x7043f868; // 0x0
                                                                                                                                						__eflags = _t28 - _t72;
                                                                                                                                						if(_t28 != _t72) {
                                                                                                                                							_t32 =  *((intOrPtr*)(E70435EE9(_t28)))();
                                                                                                                                							_v8 = _t32;
                                                                                                                                							__eflags = _t32;
                                                                                                                                							if(_t32 != 0) {
                                                                                                                                								_t33 =  *0x7043f86c; // 0x0
                                                                                                                                								__eflags = _t33 - _t72;
                                                                                                                                								if(_t33 != _t72) {
                                                                                                                                									_push(_v8);
                                                                                                                                									_v8 =  *((intOrPtr*)(E70435EE9(_t33)))();
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						L23:
                                                                                                                                						_push(_a12);
                                                                                                                                						_push(_a8);
                                                                                                                                						_push(_a4);
                                                                                                                                						_push(_v8);
                                                                                                                                						return  *((intOrPtr*)(E70435EE9( *0x7043f864)))();
                                                                                                                                					}
                                                                                                                                					__eflags =  *0x7043f874 - _t72; // 0x0
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						goto L19;
                                                                                                                                					}
                                                                                                                                					_t36 = E70435EE9(_t27);
                                                                                                                                					_pop(_t62);
                                                                                                                                					_t37 =  *_t36();
                                                                                                                                					__eflags = _t37;
                                                                                                                                					if(_t37 == 0) {
                                                                                                                                						L14:
                                                                                                                                						_t39 = E70435C47(_t62,  &_v16);
                                                                                                                                						_pop(_t63);
                                                                                                                                						__eflags = _t39;
                                                                                                                                						if(_t39 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7043930E(0, _t63, _t70, _t71, _t72);
                                                                                                                                						}
                                                                                                                                						__eflags = _v16 - 4;
                                                                                                                                						if(_v16 < 4) {
                                                                                                                                							_a12 = _a12 | 0x00040000;
                                                                                                                                						} else {
                                                                                                                                							_a12 = _a12 | 0x00200000;
                                                                                                                                						}
                                                                                                                                						goto L23;
                                                                                                                                					}
                                                                                                                                					_t41 = E70435EE9( *0x7043f874);
                                                                                                                                					_t62 = _t37;
                                                                                                                                					_t42 =  *_t41(1,  &_v36, 0xc,  &_v24);
                                                                                                                                					__eflags = _t42;
                                                                                                                                					if(_t42 == 0) {
                                                                                                                                						goto L14;
                                                                                                                                					}
                                                                                                                                					__eflags = _v28 & 0x00000001;
                                                                                                                                					if((_v28 & 0x00000001) != 0) {
                                                                                                                                						goto L19;
                                                                                                                                					}
                                                                                                                                					goto L14;
                                                                                                                                				}
                                                                                                                                				_t71 = LoadLibraryExA("USER32.DLL", 0, 0);
                                                                                                                                				if(_t71 != 0) {
                                                                                                                                					_t44 = GetProcAddress(_t71, "MessageBoxA");
                                                                                                                                					__eflags = _t44;
                                                                                                                                					if(_t44 == 0) {
                                                                                                                                						goto L2;
                                                                                                                                					} else {
                                                                                                                                						_t46 = E70435E63(_t44);
                                                                                                                                						 *_t74 = "GetActiveWindow";
                                                                                                                                						 *0x7043f864 = _t46;
                                                                                                                                						_t48 = E70435E63(GetProcAddress(??, ??));
                                                                                                                                						 *_t74 = "GetLastActivePopup";
                                                                                                                                						 *0x7043f868 = _t48;
                                                                                                                                						 *0x7043f86c = E70435E63(GetProcAddress(_t71, _t71));
                                                                                                                                						_t52 = E70435C06( &_v12);
                                                                                                                                						_pop(_t67);
                                                                                                                                						__eflags = _t52;
                                                                                                                                						if(_t52 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7043930E(0, _t67, _t70, _t71, GetProcAddress);
                                                                                                                                							_t74 = _t74 + 0x14;
                                                                                                                                						}
                                                                                                                                						__eflags = _v12 - 2;
                                                                                                                                						if(_v12 == 2) {
                                                                                                                                							_t54 = E70435E63(GetProcAddress(_t71, "GetUserObjectInformationA"));
                                                                                                                                							 *0x7043f874 = _t54;
                                                                                                                                							__eflags = _t54;
                                                                                                                                							if(_t54 != 0) {
                                                                                                                                								 *0x7043f870 = E70435E63(GetProcAddress(_t71, "GetProcessWindowStation"));
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				L2:
                                                                                                                                				return 0;
                                                                                                                                			}




































                                                                                                                                APIs
                                                                                                                                • LoadLibraryExA.KERNEL32(USER32.DLL,00000000,00000000,00000314,7043F4B0,00000000,?,?,?,?,7043922C,7043F4B0,Microsoft Visual C++ Runtime Library,00012010), ref: 7043A995
                                                                                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 7043A9B4
                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 7043A9CD
                                                                                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 7043A9E2
                                                                                                                                • __get_wpgmptr.LIBCMT ref: 7043A9F3
                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 7043AA17
                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 7043AA2F
                                                                                                                                • __get_amblksiz.LIBCMT ref: 7043AA87
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc$LibraryLoad__get_amblksiz__get_wpgmptr
                                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                                • API String ID: 2538533512-232180764
                                                                                                                                • Opcode ID: b517cc41a8e7472f3cedd4e8d61ce149890f14e69a5c16ec469e5fd0c6d40ab5
                                                                                                                                • Instruction ID: 6cf4879d655c29f04708085c0028c78d422aac9177c8f52180f473921c7f1505
                                                                                                                                • Opcode Fuzzy Hash: b517cc41a8e7472f3cedd4e8d61ce149890f14e69a5c16ec469e5fd0c6d40ab5
                                                                                                                                • Instruction Fuzzy Hash: 784155B3900215AFDF05BFB59E86A5EFAF8AB0C214FA0282DE502F2150DB3CD650CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 87%
                                                                                                                                			E7098A17A() {
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				long _t6;
                                                                                                                                				intOrPtr _t16;
                                                                                                                                				struct HINSTANCE__* _t37;
                                                                                                                                				intOrPtr _t38;
                                                                                                                                				void* _t39;
                                                                                                                                				intOrPtr _t44;
                                                                                                                                				void* _t45;
                                                                                                                                				intOrPtr _t46;
                                                                                                                                				intOrPtr _t47;
                                                                                                                                
                                                                                                                                				_t37 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                				if(_t37 != 0) {
                                                                                                                                					 *0x709972a4 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                                					 *0x709972a8 = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                                					 *0x709972ac = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                                					 *0x709972b0 = GetProcAddress(_t37, "FlsFree");
                                                                                                                                				}
                                                                                                                                				_t38 = TlsSetValue;
                                                                                                                                				_t44 =  *0x709972a4; // 0x532d285f
                                                                                                                                				if(_t44 == 0) {
                                                                                                                                					L6:
                                                                                                                                					 *0x709972a8 = TlsGetValue;
                                                                                                                                					 *0x709972a4 = E70989DCB;
                                                                                                                                					 *0x709972ac = _t38;
                                                                                                                                					 *0x709972b0 = TlsFree;
                                                                                                                                					goto L7;
                                                                                                                                				} else {
                                                                                                                                					_t45 =  *0x709972a8; // 0x532d28df
                                                                                                                                					if(_t45 == 0) {
                                                                                                                                						goto L6;
                                                                                                                                					}
                                                                                                                                					_t46 =  *0x709972ac; // 0x532d289f
                                                                                                                                					if(_t46 == 0) {
                                                                                                                                						goto L6;
                                                                                                                                					}
                                                                                                                                					_t47 =  *0x709972b0; // 0x532d281f
                                                                                                                                					if(_t47 != 0) {
                                                                                                                                						L7:
                                                                                                                                						_t6 = TlsAlloc();
                                                                                                                                						 *0x7099616c = _t6;
                                                                                                                                						if(_t6 == 0xffffffff || TlsSetValue(_t6,  *0x709972a8) == 0) {
                                                                                                                                							L11:
                                                                                                                                							return 0;
                                                                                                                                						} else {
                                                                                                                                							E70989C86();
                                                                                                                                							 *0x709972a4 = E70989CCD( *0x709972a4);
                                                                                                                                							 *0x709972a8 = E70989CCD( *0x709972a8);
                                                                                                                                							 *0x709972ac = E70989CCD( *0x709972ac);
                                                                                                                                							 *0x709972b0 = E70989CCD( *0x709972b0);
                                                                                                                                							if(E7098D8BC() != 0) {
                                                                                                                                								_push(E70989FB7);
                                                                                                                                								_t16 =  *((intOrPtr*)(E70989D53( *0x709972a4)))();
                                                                                                                                								 *0x70996170 = _t16;
                                                                                                                                								__eflags = _t16 - 0xffffffff;
                                                                                                                                								if(_t16 == 0xffffffff) {
                                                                                                                                									goto L10;
                                                                                                                                								}
                                                                                                                                								_t39 = E7098EF9D(1, 0x214);
                                                                                                                                								__eflags = _t39;
                                                                                                                                								if(_t39 == 0) {
                                                                                                                                									goto L10;
                                                                                                                                								}
                                                                                                                                								_push(_t39);
                                                                                                                                								_push( *0x70996170);
                                                                                                                                								__eflags =  *((intOrPtr*)(E70989D53( *0x709972ac)))();
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									_push(0);
                                                                                                                                									_push(_t39);
                                                                                                                                									E70989E4A(0, _t37, _t39, __eflags);
                                                                                                                                									 *(_t39 + 4) =  *(_t39 + 4) | 0xffffffff;
                                                                                                                                									return 1;
                                                                                                                                								}
                                                                                                                                								_push(_t39);
                                                                                                                                								E70988AB7(0, _t37, _t39, __eflags);
                                                                                                                                							}
                                                                                                                                							L10:
                                                                                                                                							E70989E08();
                                                                                                                                							goto L11;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L6;
                                                                                                                                				}
                                                                                                                                			}
















                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,?,709876D1), ref: 7098A184
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 7098A19E
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 7098A1AB
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 7098A1B8
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 7098A1C5
                                                                                                                                  • Part of subcall function 70989D53: TlsGetValue.KERNEL32(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D65
                                                                                                                                  • Part of subcall function 70989D53: TlsGetValue.KERNEL32(00000005,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D7C
                                                                                                                                  • Part of subcall function 70989D53: RtlDecodePointer.NTDLL(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989DBB
                                                                                                                                • TlsAlloc.KERNEL32(?,?,?,709876D1), ref: 7098A216
                                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,?,709876D1), ref: 7098A22D
                                                                                                                                • __mtterm.LIBCMT ref: 7098A284
                                                                                                                                • __calloc_crt.LIBCMT ref: 7098A2B3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc$Value$AllocDecodeHandleModulePointer__calloc_crt__mtterm
                                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                • API String ID: 229381159-3819984048
                                                                                                                                • Opcode ID: 6bb0c60eb852cdcd692143226f5e5c1475583ac7bb4f89de42c8be43f9b24599
                                                                                                                                • Instruction ID: 005bb5ecb522b4433d8bddbd39f78f879dd442ab5c224ebb5ea624f64a0f90a7
                                                                                                                                • Opcode Fuzzy Hash: 6bb0c60eb852cdcd692143226f5e5c1475583ac7bb4f89de42c8be43f9b24599
                                                                                                                                • Instruction Fuzzy Hash: A8314F738392519FD725DF768D44B0EBBADAB81268334063BF425A63F0DF35D440AA52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 87%
                                                                                                                                			E70436310() {
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				long _t6;
                                                                                                                                				intOrPtr _t16;
                                                                                                                                				struct HINSTANCE__* _t37;
                                                                                                                                				intOrPtr _t38;
                                                                                                                                				void* _t39;
                                                                                                                                				intOrPtr _t44;
                                                                                                                                				void* _t45;
                                                                                                                                				intOrPtr _t46;
                                                                                                                                				intOrPtr _t47;
                                                                                                                                
                                                                                                                                				_t37 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                				if(_t37 != 0) {
                                                                                                                                					 *0x7043ef0c = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                                					 *0x7043ef10 = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                                					 *0x7043ef14 = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                                					 *0x7043ef18 = GetProcAddress(_t37, "FlsFree");
                                                                                                                                				}
                                                                                                                                				_t38 = TlsSetValue;
                                                                                                                                				_t44 =  *0x7043ef0c; // 0x532d285f
                                                                                                                                				if(_t44 == 0) {
                                                                                                                                					L6:
                                                                                                                                					 *0x7043ef10 = TlsGetValue;
                                                                                                                                					 *0x7043ef0c = E70435F61;
                                                                                                                                					 *0x7043ef14 = _t38;
                                                                                                                                					 *0x7043ef18 = TlsFree;
                                                                                                                                					goto L7;
                                                                                                                                				} else {
                                                                                                                                					_t45 =  *0x7043ef10; // 0x532d28df
                                                                                                                                					if(_t45 == 0) {
                                                                                                                                						goto L6;
                                                                                                                                					}
                                                                                                                                					_t46 =  *0x7043ef14; // 0x532d289f
                                                                                                                                					if(_t46 == 0) {
                                                                                                                                						goto L6;
                                                                                                                                					}
                                                                                                                                					_t47 =  *0x7043ef18; // 0x532d281f
                                                                                                                                					if(_t47 != 0) {
                                                                                                                                						L7:
                                                                                                                                						_t6 = TlsAlloc();
                                                                                                                                						 *0x7043e0f4 = _t6;
                                                                                                                                						if(_t6 == 0xffffffff || TlsSetValue(_t6,  *0x7043ef10) == 0) {
                                                                                                                                							L11:
                                                                                                                                							return 0;
                                                                                                                                						} else {
                                                                                                                                							E70435E1C();
                                                                                                                                							 *0x7043ef0c = E70435E63( *0x7043ef0c);
                                                                                                                                							 *0x7043ef10 = E70435E63( *0x7043ef10);
                                                                                                                                							 *0x7043ef14 = E70435E63( *0x7043ef14);
                                                                                                                                							 *0x7043ef18 = E70435E63( *0x7043ef18);
                                                                                                                                							if(E704383E4() != 0) {
                                                                                                                                								_push(E7043614D);
                                                                                                                                								_t16 =  *((intOrPtr*)(E70435EE9( *0x7043ef0c)))();
                                                                                                                                								 *0x7043e0f8 = _t16;
                                                                                                                                								__eflags = _t16 - 0xffffffff;
                                                                                                                                								if(_t16 == 0xffffffff) {
                                                                                                                                									goto L10;
                                                                                                                                								}
                                                                                                                                								_t39 = E7043A2BA(1, 0x214);
                                                                                                                                								__eflags = _t39;
                                                                                                                                								if(_t39 == 0) {
                                                                                                                                									goto L10;
                                                                                                                                								}
                                                                                                                                								_push(_t39);
                                                                                                                                								_push( *0x7043e0f8);
                                                                                                                                								__eflags =  *((intOrPtr*)(E70435EE9( *0x7043ef14)))();
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									_push(0);
                                                                                                                                									_push(_t39);
                                                                                                                                									E70435FE0(0, _t37, _t39, __eflags);
                                                                                                                                									 *(_t39 + 4) =  *(_t39 + 4) | 0xffffffff;
                                                                                                                                									return 1;
                                                                                                                                								}
                                                                                                                                								_push(_t39);
                                                                                                                                								E70435202(0, _t37, _t39, __eflags);
                                                                                                                                							}
                                                                                                                                							L10:
                                                                                                                                							E70435F9E();
                                                                                                                                							goto L11;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L6;
                                                                                                                                				}
                                                                                                                                			}
















                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,?,70433FCF), ref: 7043631A
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 70436334
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 70436341
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 7043634E
                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 7043635B
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435EFB
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(00000006,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F12
                                                                                                                                  • Part of subcall function 70435EE9: RtlDecodePointer.NTDLL(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F51
                                                                                                                                • TlsAlloc.KERNEL32(?,?,?,70433FCF), ref: 704363AC
                                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,?,70433FCF), ref: 704363C3
                                                                                                                                • __mtterm.LIBCMT ref: 7043641A
                                                                                                                                • __calloc_crt.LIBCMT ref: 70436449
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc$Value$AllocDecodeHandleModulePointer__calloc_crt__mtterm
                                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                • API String ID: 229381159-3819984048
                                                                                                                                • Opcode ID: 4f06dfbfa0ae59ed6cf01dbdd254e19427e4e77c5b7cb20ba52a1852602889e3
                                                                                                                                • Instruction ID: f5cfbf8acd848fb1e0d674ec17074cfb986eb060f847571d26d7a9f78366ebcc
                                                                                                                                • Opcode Fuzzy Hash: 4f06dfbfa0ae59ed6cf01dbdd254e19427e4e77c5b7cb20ba52a1852602889e3
                                                                                                                                • Instruction Fuzzy Hash: CC319D73806216BFD7009F73CD45A4EFEB4A70C218B71B53EE535B22B0D7B945408A59
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 83%
                                                                                                                                			E709900E5(int __ecx, signed int __edx, int _a4, signed int _a8, short* _a12, int _a16, short* _a20, int _a24, int _a28) {
                                                                                                                                				signed int _v8;
                                                                                                                                				char* _v12;
                                                                                                                                				int _v16;
                                                                                                                                				int _v20;
                                                                                                                                				void* _v32;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				signed int _t66;
                                                                                                                                				int _t68;
                                                                                                                                				int _t69;
                                                                                                                                				int _t71;
                                                                                                                                				signed int _t73;
                                                                                                                                				signed int _t76;
                                                                                                                                				signed int _t80;
                                                                                                                                				signed int _t81;
                                                                                                                                				signed int _t83;
                                                                                                                                				void* _t85;
                                                                                                                                				char* _t86;
                                                                                                                                				signed int _t88;
                                                                                                                                				void* _t90;
                                                                                                                                				char* _t91;
                                                                                                                                				long _t99;
                                                                                                                                				char* _t100;
                                                                                                                                				void* _t102;
                                                                                                                                				signed int _t109;
                                                                                                                                				int _t113;
                                                                                                                                				signed int _t114;
                                                                                                                                				char* _t115;
                                                                                                                                				void* _t119;
                                                                                                                                
                                                                                                                                				_t109 = __edx;
                                                                                                                                				_t66 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t66 ^ _t114;
                                                                                                                                				_t113 = LCMapStringW;
                                                                                                                                				_t100 = 0;
                                                                                                                                				_t112 = __ecx;
                                                                                                                                				_t119 =  *0x70997bd0 - _t100; // 0x0
                                                                                                                                				if(_t119 == 0) {
                                                                                                                                					if(LCMapStringW(0, 0x100, 0x70981e08, 1, 0, 0) == 0) {
                                                                                                                                						_t99 = GetLastError();
                                                                                                                                						__eflags = _t99 - 0x78;
                                                                                                                                						if(_t99 == 0x78) {
                                                                                                                                							 *0x70997bd0 = 2;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						 *0x70997bd0 = 1;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				if(_a16 > _t100) {
                                                                                                                                					_a16 = E7099191A(_a12, _a16);
                                                                                                                                				}
                                                                                                                                				_t68 =  *0x70997bd0; // 0x0
                                                                                                                                				if(_t68 != 1) {
                                                                                                                                					__eflags = _t68 - 2;
                                                                                                                                					if(_t68 == 2) {
                                                                                                                                						L11:
                                                                                                                                						_v16 = _t100;
                                                                                                                                						__eflags = _a4 - _t100;
                                                                                                                                						if(_a4 == _t100) {
                                                                                                                                							_a4 =  *((intOrPtr*)( *_t112 + 0x14));
                                                                                                                                						}
                                                                                                                                						__eflags = _a28 - _t100;
                                                                                                                                						if(_a28 == _t100) {
                                                                                                                                							_a28 =  *((intOrPtr*)( *_t112 + 4));
                                                                                                                                						}
                                                                                                                                						_t69 = E7099168F(_t100, _t109, _t112, _t113, _a4);
                                                                                                                                						_pop(_t102);
                                                                                                                                						__eflags = _a28 - _t69;
                                                                                                                                						if(_a28 != _t69) {
                                                                                                                                							__eflags = _t69 - 0xffffffff;
                                                                                                                                							if(_t69 != 0xffffffff) {
                                                                                                                                								_a28 = _t69;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_t113 = WideCharToMultiByte;
                                                                                                                                						_t112 = WideCharToMultiByte(_a28, _t100, _a12, _a16, _t100, _t100, _t100, _t100);
                                                                                                                                						_v20 = _t112;
                                                                                                                                						__eflags = _t112 - _t100;
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							if(__eflags <= 0) {
                                                                                                                                								L29:
                                                                                                                                								_v12 = _t100;
                                                                                                                                								L30:
                                                                                                                                								__eflags = _v12 - _t100;
                                                                                                                                								if(_v12 == _t100) {
                                                                                                                                									goto L19;
                                                                                                                                								}
                                                                                                                                								_t73 = WideCharToMultiByte(_a28, _t100, _a12, _a16, _v12, _t112, _t100, _t100);
                                                                                                                                								__eflags = _t73;
                                                                                                                                								if(_t73 == 0) {
                                                                                                                                									L55:
                                                                                                                                									E7098F2EF(_v12);
                                                                                                                                									_t71 = _v16;
                                                                                                                                									goto L56;
                                                                                                                                								}
                                                                                                                                								_t112 = LCMapStringA;
                                                                                                                                								_t113 = LCMapStringA(_a4, _a8, _v12, LCMapStringA, _t100, _t100);
                                                                                                                                								__eflags = _t113 - _t100;
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									goto L55;
                                                                                                                                								}
                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                									L42:
                                                                                                                                									__eflags = _t100;
                                                                                                                                									if(_t100 != 0) {
                                                                                                                                										_t76 = LCMapStringA(_a4, _a8, _v12, _v20, _t100, _t113);
                                                                                                                                										__eflags = _t76;
                                                                                                                                										if(_t76 != 0) {
                                                                                                                                											__eflags = _a8 & 0x00000400;
                                                                                                                                											if((_a8 & 0x00000400) == 0) {
                                                                                                                                												__eflags = _a24;
                                                                                                                                												if(_a24 != 0) {
                                                                                                                                													_push(_a24);
                                                                                                                                													_push(_a20);
                                                                                                                                												} else {
                                                                                                                                													_push(0);
                                                                                                                                													_push(0);
                                                                                                                                												}
                                                                                                                                												_v16 = MultiByteToWideChar(_a28, 1, _t100, _t113, ??, ??);
                                                                                                                                											} else {
                                                                                                                                												_t80 = _a24;
                                                                                                                                												_t112 = 0;
                                                                                                                                												_v16 = _t113;
                                                                                                                                												__eflags = _t80;
                                                                                                                                												if(_t80 != 0) {
                                                                                                                                													__eflags = _t80 - _t113;
                                                                                                                                													if(_t80 <= _t113) {
                                                                                                                                														_t113 = _t80 - 1;
                                                                                                                                													}
                                                                                                                                													_t81 = E7098FFDB(_t102, _t109, _a20, _t80, _t100, _t113);
                                                                                                                                													__eflags = _t81;
                                                                                                                                													if(_t81 != 0) {
                                                                                                                                														_push(_t112);
                                                                                                                                														_push(_t112);
                                                                                                                                														_push(_t112);
                                                                                                                                														_push(_t112);
                                                                                                                                														_push(_t112);
                                                                                                                                														E7098C94B(_t100, _t102, _t109, _t112, _t113);
                                                                                                                                													}
                                                                                                                                												}
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										E7098F2EF(_t100);
                                                                                                                                									}
                                                                                                                                									goto L55;
                                                                                                                                								}
                                                                                                                                								_t83 = 0xffffffe0;
                                                                                                                                								_t109 = _t83 % _t113;
                                                                                                                                								__eflags = _t83 / _t113 - 1;
                                                                                                                                								if(_t83 / _t113 < 1) {
                                                                                                                                									goto L42;
                                                                                                                                								}
                                                                                                                                								_t45 = _t113 + 8; // 0x8
                                                                                                                                								_t85 = _t45;
                                                                                                                                								__eflags = _t85 - 0x400;
                                                                                                                                								if(_t85 > 0x400) {
                                                                                                                                									_t86 = E70988B9E(_t100, LCMapStringA, _t85);
                                                                                                                                									_pop(_t102);
                                                                                                                                									__eflags = _t86 - _t100;
                                                                                                                                									if(_t86 == _t100) {
                                                                                                                                										L41:
                                                                                                                                										_t100 = _t86;
                                                                                                                                										goto L42;
                                                                                                                                									}
                                                                                                                                									 *_t86 = 0xdddd;
                                                                                                                                									L40:
                                                                                                                                									_t86 =  &(_t86[8]);
                                                                                                                                									__eflags = _t86;
                                                                                                                                									goto L41;
                                                                                                                                								}
                                                                                                                                								E70989680(_t85);
                                                                                                                                								_t86 = _t115;
                                                                                                                                								__eflags = _t86 - _t100;
                                                                                                                                								if(_t86 == _t100) {
                                                                                                                                									goto L41;
                                                                                                                                								}
                                                                                                                                								 *_t86 = 0xcccc;
                                                                                                                                								goto L40;
                                                                                                                                							}
                                                                                                                                							_t88 = 0xffffffe0;
                                                                                                                                							_t109 = _t88 % _t112;
                                                                                                                                							__eflags = _t88 / _t112 - 1;
                                                                                                                                							if(_t88 / _t112 < 1) {
                                                                                                                                								goto L29;
                                                                                                                                							}
                                                                                                                                							_t30 = _t112 + 8; // 0x8
                                                                                                                                							_t90 = _t30;
                                                                                                                                							__eflags = _t90 - 0x400;
                                                                                                                                							if(_t90 > 0x400) {
                                                                                                                                								_t91 = E70988B9E(_t100, _t112, _t90);
                                                                                                                                								_pop(_t102);
                                                                                                                                								__eflags = _t91 - _t100;
                                                                                                                                								if(_t91 == _t100) {
                                                                                                                                									L28:
                                                                                                                                									_v12 = _t91;
                                                                                                                                									goto L30;
                                                                                                                                								}
                                                                                                                                								 *_t91 = 0xdddd;
                                                                                                                                								L27:
                                                                                                                                								_t91 =  &(_t91[8]);
                                                                                                                                								__eflags = _t91;
                                                                                                                                								goto L28;
                                                                                                                                							}
                                                                                                                                							E70989680(_t90);
                                                                                                                                							_t91 = _t115;
                                                                                                                                							__eflags = _t91 - _t100;
                                                                                                                                							if(_t91 == _t100) {
                                                                                                                                								goto L28;
                                                                                                                                							}
                                                                                                                                							 *_t91 = 0xcccc;
                                                                                                                                							goto L27;
                                                                                                                                						} else {
                                                                                                                                							L19:
                                                                                                                                							_t71 = 0;
                                                                                                                                							goto L56;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					__eflags = _t68 - _t100;
                                                                                                                                					if(_t68 != _t100) {
                                                                                                                                						goto L19;
                                                                                                                                					}
                                                                                                                                					goto L11;
                                                                                                                                				} else {
                                                                                                                                					_t71 = LCMapStringW(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                					L56:
                                                                                                                                					return E70987FB3(_t71, _t100, _v8 ^ _t114, _t109, _t112, _t113);
                                                                                                                                				}
                                                                                                                                			}

































                                                                                                                                0x00000000
                                                                                                                                0x709902a3
                                                                                                                                0x70990266
                                                                                                                                0x70990267
                                                                                                                                0x70990269
                                                                                                                                0x7099026c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7099026e
                                                                                                                                0x7099026e
                                                                                                                                0x70990271
                                                                                                                                0x70990276
                                                                                                                                0x7099028c
                                                                                                                                0x70990291
                                                                                                                                0x70990292
                                                                                                                                0x70990294
                                                                                                                                0x7099029f
                                                                                                                                0x7099029f
                                                                                                                                0x00000000
                                                                                                                                0x7099029f
                                                                                                                                0x70990296
                                                                                                                                0x7099029c
                                                                                                                                0x7099029c
                                                                                                                                0x7099029c
                                                                                                                                0x00000000
                                                                                                                                0x7099029c
                                                                                                                                0x70990278
                                                                                                                                0x7099027d
                                                                                                                                0x7099027f
                                                                                                                                0x70990281
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70990283
                                                                                                                                0x00000000
                                                                                                                                0x70990283
                                                                                                                                0x709901e2
                                                                                                                                0x709901e3
                                                                                                                                0x709901e5
                                                                                                                                0x709901e8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x709901ea
                                                                                                                                0x709901ea
                                                                                                                                0x709901ed
                                                                                                                                0x709901f2
                                                                                                                                0x70990208
                                                                                                                                0x7099020d
                                                                                                                                0x7099020e
                                                                                                                                0x70990210
                                                                                                                                0x7099021b
                                                                                                                                0x7099021b
                                                                                                                                0x00000000
                                                                                                                                0x7099021b
                                                                                                                                0x70990212
                                                                                                                                0x70990218
                                                                                                                                0x70990218
                                                                                                                                0x70990218
                                                                                                                                0x00000000
                                                                                                                                0x70990218
                                                                                                                                0x709901f4
                                                                                                                                0x709901f9
                                                                                                                                0x709901fb
                                                                                                                                0x709901fd
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x709901ff
                                                                                                                                0x00000000
                                                                                                                                0x709901d5
                                                                                                                                0x709901d5
                                                                                                                                0x709901d5
                                                                                                                                0x00000000
                                                                                                                                0x709901d5
                                                                                                                                0x709901d3
                                                                                                                                0x7099017f
                                                                                                                                0x70990181
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70990161
                                                                                                                                0x70990173
                                                                                                                                0x7099032a
                                                                                                                                0x7099033b
                                                                                                                                0x7099033b

                                                                                                                                APIs
                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,70981E08,00000001,00000000,00000000,?,00000000,00000000,?,?,?,?,00000001,831374C0,?), ref: 7099011B
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 7099012D
                                                                                                                                • _wcsnlen.LIBCMT ref: 7099014D
                                                                                                                                • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00000000,?,?,?,?,00000001,831374C0,?), ref: 70990173
                                                                                                                                • ___ansicp.LIBCMT ref: 709901A3
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,?,00000001), ref: 709901CA
                                                                                                                                • __alloca_probe_16.LIBCMT ref: 709901F4
                                                                                                                                • _malloc.LIBCMT ref: 70990208
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 70990238
                                                                                                                                • LCMapStringA.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 70990254
                                                                                                                                • __alloca_probe_16.LIBCMT ref: 70990278
                                                                                                                                • _malloc.LIBCMT ref: 7099028C
                                                                                                                                • LCMapStringA.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 709902B3
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00000000,?,?), ref: 7099030E
                                                                                                                                • __freea.LIBCMT ref: 70990318
                                                                                                                                • __freea.LIBCMT ref: 70990321
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: String$ByteCharMultiWide$__alloca_probe_16__freea_malloc$ErrorLast___ansicp_wcsnlen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1148241884-0
                                                                                                                                • Opcode ID: ceef637cbee976c4a012fc740142a431212f1fb56da0b3de4aef56b808c6da6f
                                                                                                                                • Instruction ID: 094378af6793362a4c7aa1736cc42829f3670a052adb1f4e072a8a9dc94a6fb3
                                                                                                                                • Opcode Fuzzy Hash: ceef637cbee976c4a012fc740142a431212f1fb56da0b3de4aef56b808c6da6f
                                                                                                                                • Instruction Fuzzy Hash: AA719172824109EFEF418F50CD85AAE7BBEFBC8354F100429F926E6260D731DC909B66
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 59%
                                                                                                                                			E7098E5BF(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                				struct _OVERLAPPED* _v8;
                                                                                                                                				long _v12;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				int _t13;
                                                                                                                                				void _t15;
                                                                                                                                				void* _t17;
                                                                                                                                				void* _t19;
                                                                                                                                				void* _t20;
                                                                                                                                				void* _t22;
                                                                                                                                				void* _t26;
                                                                                                                                				void* _t37;
                                                                                                                                				void* _t39;
                                                                                                                                				void* _t40;
                                                                                                                                				void* _t41;
                                                                                                                                				intOrPtr _t43;
                                                                                                                                				void* _t45;
                                                                                                                                				signed int _t48;
                                                                                                                                				void* _t50;
                                                                                                                                				void* _t52;
                                                                                                                                				void* _t53;
                                                                                                                                				void* _t54;
                                                                                                                                				void* _t55;
                                                                                                                                				void* _t56;
                                                                                                                                
                                                                                                                                				_t40 = __edx;
                                                                                                                                				_push(__ecx);
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t48 = 0;
                                                                                                                                				_t43 = _a4;
                                                                                                                                				_v8 = 0;
                                                                                                                                				while(_t43 !=  *((intOrPtr*)(0x70996a70 + _t48 * 8))) {
                                                                                                                                					_t48 = _t48 + 1;
                                                                                                                                					_v8 = _t48;
                                                                                                                                					if(_t48 < 0x17) {
                                                                                                                                						continue;
                                                                                                                                					}
                                                                                                                                					break;
                                                                                                                                				}
                                                                                                                                				if(_t48 >= 0x17) {
                                                                                                                                					L25:
                                                                                                                                					return _t13;
                                                                                                                                				}
                                                                                                                                				if(E70991631(0, _t40, _t43, 3) == 1) {
                                                                                                                                					L20:
                                                                                                                                					_t13 = GetStdHandle(0xfffffff4);
                                                                                                                                					_t45 = _t13;
                                                                                                                                					if(_t45 != 0 && _t45 != 0xffffffff) {
                                                                                                                                						_t41 =  *(0x70996a74 + _t48 * 8);
                                                                                                                                						_t37 = _t41;
                                                                                                                                						_t50 = _t37 + 1;
                                                                                                                                						do {
                                                                                                                                							_t15 =  *_t37;
                                                                                                                                							_t37 = _t37 + 1;
                                                                                                                                						} while (_t15 != 0);
                                                                                                                                						_t13 = WriteFile(_t45, _t41, _t37 - _t50,  &_v12, 0);
                                                                                                                                					}
                                                                                                                                					goto L25;
                                                                                                                                				}
                                                                                                                                				_t13 = E70991631(0, _t40, _t43, 3);
                                                                                                                                				_pop(_t39);
                                                                                                                                				if(_t13 != 0 ||  *0x70997254 != 1) {
                                                                                                                                					if(_t43 != 0xfc) {
                                                                                                                                						_t17 = E7098EBB0(_t40, 0x70997888, 0x314, "Runtime Error!\n\nProgram: ");
                                                                                                                                						_t53 = _t52 + 0xc;
                                                                                                                                						if(_t17 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7098C94B(0, _t39, _t40, 0x314, 0x70997888);
                                                                                                                                							_t53 = _t53 + 0x14;
                                                                                                                                						}
                                                                                                                                						 *0x709979a5 = 0;
                                                                                                                                						if(GetModuleFileNameA(0, 0x709978a1, 0x104) == 0) {
                                                                                                                                							_t26 = E7098EBB0(_t40, 0x709978a1, 0x2fb, "<program name unknown>");
                                                                                                                                							_t53 = _t53 + 0xc;
                                                                                                                                							if(_t26 != 0) {
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								E7098C94B(0x709978a1, _t39, _t40, 0x314, 0x70997888);
                                                                                                                                								_t53 = _t53 + 0x14;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_t19 = E7098FF0B(_t39, _t40, 0x70997888, 0x314, 0x709978a1);
                                                                                                                                						_t54 = _t53 + 0xc;
                                                                                                                                						if(_t19 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7098C94B(0, _t39, _t40, 0x314, 0x70997888);
                                                                                                                                							_t54 = _t54 + 0x14;
                                                                                                                                						}
                                                                                                                                						_t20 = E7098FF0B(_t39, _t40, 0x70997888, 0x314, "\n\n");
                                                                                                                                						_t55 = _t54 + 0xc;
                                                                                                                                						if(_t20 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7098C94B(0, _t39, _t40, 0x314, 0x70997888);
                                                                                                                                							_t55 = _t55 + 0x14;
                                                                                                                                						}
                                                                                                                                						_t22 = E7098FF0B(_t39, _t40, 0x70997888, 0x314,  *((intOrPtr*)(0x70996a74 + _v8 * 8)));
                                                                                                                                						_t56 = _t55 + 0xc;
                                                                                                                                						if(_t22 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7098C94B(0, _t39, _t40, 0x314, 0x70997888);
                                                                                                                                							_t56 = _t56 + 0x14;
                                                                                                                                						}
                                                                                                                                						_t13 = E7099148A(_t40, 0x70997888, "Microsoft Visual C++ Runtime Library", 0x12010);
                                                                                                                                					}
                                                                                                                                					goto L25;
                                                                                                                                				} else {
                                                                                                                                					goto L20;
                                                                                                                                				}
                                                                                                                                			}

                                                                                                                                APIs
                                                                                                                                • __set_error_mode.LIBCMT ref: 7098E5F0
                                                                                                                                • __set_error_mode.LIBCMT ref: 7098E601
                                                                                                                                • _strcpy_s.LIBCMT ref: 7098E635
                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,709978A1,00000104,?,70986DBD,?), ref: 7098E661
                                                                                                                                • _strcpy_s.LIBCMT ref: 7098E676
                                                                                                                                • _strcat_s.LIBCMT ref: 7098E694
                                                                                                                                • _strcat_s.LIBCMT ref: 7098E6B6
                                                                                                                                • _strcat_s.LIBCMT ref: 7098E6DB
                                                                                                                                • GetStdHandle.KERNEL32(000000F4,00000001,?,00000000,00000003,00000003,?,7098E775,000000FC,7098D9AB,70993BA0,0000000C,7098DA6D,70986DBD,?), ref: 7098E70B
                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,70986DBD,00000000,?,7098E775,000000FC,7098D9AB,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180), ref: 7098E739
                                                                                                                                Strings
                                                                                                                                • Runtime Error!Program: , xrefs: 7098E624
                                                                                                                                • Microsoft Visual C++ Runtime Library, xrefs: 7098E6F9
                                                                                                                                • <program name unknown>, xrefs: 7098E66B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _strcat_s$File__set_error_mode_strcpy_s$HandleModuleNameWrite
                                                                                                                                • String ID: <program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                • API String ID: 192105531-385325454
                                                                                                                                • Opcode ID: e9caa0288adc1c2f9c8a6adbdaceffb15a21fbe925c79af621238014f42765d5
                                                                                                                                • Instruction ID: f1388251a45d81aecf66733a30459a5813bd92a7d462323903f92458b253521a
                                                                                                                                • Opcode Fuzzy Hash: e9caa0288adc1c2f9c8a6adbdaceffb15a21fbe925c79af621238014f42765d5
                                                                                                                                • Instruction Fuzzy Hash: E3310DE2A142017EE70157258CA5FAF367D9BD225CB15017DF903A63D1FA29DD0181B7
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 59%
                                                                                                                                			E704390E7(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                				struct _OVERLAPPED* _v8;
                                                                                                                                				long _v12;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				int _t13;
                                                                                                                                				void _t15;
                                                                                                                                				void* _t17;
                                                                                                                                				void* _t19;
                                                                                                                                				void* _t20;
                                                                                                                                				void* _t22;
                                                                                                                                				void* _t26;
                                                                                                                                				void* _t37;
                                                                                                                                				void* _t39;
                                                                                                                                				void* _t40;
                                                                                                                                				void* _t41;
                                                                                                                                				intOrPtr _t43;
                                                                                                                                				void* _t45;
                                                                                                                                				signed int _t48;
                                                                                                                                				void* _t50;
                                                                                                                                				void* _t52;
                                                                                                                                				void* _t53;
                                                                                                                                				void* _t54;
                                                                                                                                				void* _t55;
                                                                                                                                				void* _t56;
                                                                                                                                
                                                                                                                                				_t40 = __edx;
                                                                                                                                				_push(__ecx);
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t48 = 0;
                                                                                                                                				_t43 = _a4;
                                                                                                                                				_v8 = 0;
                                                                                                                                				while(_t43 !=  *((intOrPtr*)(0x7043e270 + _t48 * 8))) {
                                                                                                                                					_t48 = _t48 + 1;
                                                                                                                                					_v8 = _t48;
                                                                                                                                					if(_t48 < 0x17) {
                                                                                                                                						continue;
                                                                                                                                					}
                                                                                                                                					break;
                                                                                                                                				}
                                                                                                                                				if(_t48 >= 0x17) {
                                                                                                                                					L25:
                                                                                                                                					return _t13;
                                                                                                                                				}
                                                                                                                                				if(E7043AB84(0, _t40, _t43, 3) == 1) {
                                                                                                                                					L20:
                                                                                                                                					_t13 = GetStdHandle(0xfffffff4);
                                                                                                                                					_t45 = _t13;
                                                                                                                                					if(_t45 != 0 && _t45 != 0xffffffff) {
                                                                                                                                						_t41 =  *(0x7043e274 + _t48 * 8);
                                                                                                                                						_t37 = _t41;
                                                                                                                                						_t50 = _t37 + 1;
                                                                                                                                						do {
                                                                                                                                							_t15 =  *_t37;
                                                                                                                                							_t37 = _t37 + 1;
                                                                                                                                						} while (_t15 != 0);
                                                                                                                                						_t13 = WriteFile(_t45, _t41, _t37 - _t50,  &_v12, 0);
                                                                                                                                					}
                                                                                                                                					goto L25;
                                                                                                                                				}
                                                                                                                                				_t13 = E7043AB84(0, _t40, _t43, 3);
                                                                                                                                				_pop(_t39);
                                                                                                                                				if(_t13 != 0 ||  *0x7043eebc != 1) {
                                                                                                                                					if(_t43 != 0xfc) {
                                                                                                                                						_t17 = E70439400(_t40, 0x7043f4b0, 0x314, "Runtime Error!\n\nProgram: ");
                                                                                                                                						_t53 = _t52 + 0xc;
                                                                                                                                						if(_t17 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7043930E(0, _t39, _t40, 0x314, 0x7043f4b0);
                                                                                                                                							_t53 = _t53 + 0x14;
                                                                                                                                						}
                                                                                                                                						 *0x7043f5cd = 0;
                                                                                                                                						if(GetModuleFileNameA(0, 0x7043f4c9, 0x104) == 0) {
                                                                                                                                							_t26 = E70439400(_t40, 0x7043f4c9, 0x2fb, "<program name unknown>");
                                                                                                                                							_t53 = _t53 + 0xc;
                                                                                                                                							if(_t26 != 0) {
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								_push(0);
                                                                                                                                								E7043930E(0x7043f4c9, _t39, _t40, 0x314, 0x7043f4b0);
                                                                                                                                								_t53 = _t53 + 0x14;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_t19 = E7043AB0B(_t39, _t40, 0x7043f4b0, 0x314, 0x7043f4c9);
                                                                                                                                						_t54 = _t53 + 0xc;
                                                                                                                                						if(_t19 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7043930E(0, _t39, _t40, 0x314, 0x7043f4b0);
                                                                                                                                							_t54 = _t54 + 0x14;
                                                                                                                                						}
                                                                                                                                						_t20 = E7043AB0B(_t39, _t40, 0x7043f4b0, 0x314, "\n\n");
                                                                                                                                						_t55 = _t54 + 0xc;
                                                                                                                                						if(_t20 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7043930E(0, _t39, _t40, 0x314, 0x7043f4b0);
                                                                                                                                							_t55 = _t55 + 0x14;
                                                                                                                                						}
                                                                                                                                						_t22 = E7043AB0B(_t39, _t40, 0x7043f4b0, 0x314,  *((intOrPtr*)(0x7043e274 + _v8 * 8)));
                                                                                                                                						_t56 = _t55 + 0xc;
                                                                                                                                						if(_t22 != 0) {
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							_push(0);
                                                                                                                                							E7043930E(0, _t39, _t40, 0x314, 0x7043f4b0);
                                                                                                                                							_t56 = _t56 + 0x14;
                                                                                                                                						}
                                                                                                                                						_t13 = E7043A964(_t40, 0x7043f4b0, "Microsoft Visual C++ Runtime Library", 0x12010);
                                                                                                                                					}
                                                                                                                                					goto L25;
                                                                                                                                				} else {
                                                                                                                                					goto L20;
                                                                                                                                				}
                                                                                                                                			}


                                                                                                                                APIs
                                                                                                                                • __set_error_mode.LIBCMT ref: 70439118
                                                                                                                                • __set_error_mode.LIBCMT ref: 70439129
                                                                                                                                • _strcpy_s.LIBCMT ref: 7043915D
                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,7043F4C9,00000104,?,70433EBE,00000000), ref: 70439189
                                                                                                                                • _strcpy_s.LIBCMT ref: 7043919E
                                                                                                                                • _strcat_s.LIBCMT ref: 704391BC
                                                                                                                                • _strcat_s.LIBCMT ref: 704391DE
                                                                                                                                • _strcat_s.LIBCMT ref: 70439203
                                                                                                                                • GetStdHandle.KERNEL32(000000F4,00000001,?,00000000,00000003,00000003,?,7043929D,000000FC,704384D3,7043C990,0000000C,70438595,70433EBE,?), ref: 70439233
                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,70433EBE,00000000,?,7043929D,000000FC,704384D3,7043C990,0000000C,70438595,70433EBE,?,?,70435316), ref: 70439261
                                                                                                                                Strings
                                                                                                                                • <program name unknown>, xrefs: 70439193
                                                                                                                                • Runtime Error!Program: , xrefs: 7043914C
                                                                                                                                • Microsoft Visual C++ Runtime Library, xrefs: 70439221
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _strcat_s$File__set_error_mode_strcpy_s$HandleModuleNameWrite
                                                                                                                                • String ID: <program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                • API String ID: 192105531-385325454
                                                                                                                                • Opcode ID: 65fcc514a55e6a4354d98c5db37e0439462796632fe4d32881def5b22556218b
                                                                                                                                • Instruction ID: da1c7a9bf794c0ac82f316d725aaa798905126fcf8bf061e7a4c3d1ca606642a
                                                                                                                                • Opcode Fuzzy Hash: 65fcc514a55e6a4354d98c5db37e0439462796632fe4d32881def5b22556218b
                                                                                                                                • Instruction Fuzzy Hash: E93133B3A056013AEB0157298C86F6FF27D8B5D218F95216CFD47B2392E62CED01C1A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000009C), ref: 013E1638
                                                                                                                                • sk_new_null.ADB ref: 013E164F
                                                                                                                                • sk_num.ADB ref: 013E1662
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E1670
                                                                                                                                • sk_push.ADB(?,00000000), ref: 013E16A3
                                                                                                                                • sk_value.ADB(?,?), ref: 013E16B4
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,000000AE), ref: 013E1727
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E1738
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E1750
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$L_mallocsk_new_nullsk_numsk_pushsk_value
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 1740888079-3640079272
                                                                                                                                • Opcode ID: c3ee71d60294169d429b932a272bcb11045c37c2fca96252b7917cb148c7a2ef
                                                                                                                                • Instruction ID: 8998611b759e195ede347d90737550cf5eb16596354a126e9d5d52dc33bf5735
                                                                                                                                • Opcode Fuzzy Hash: c3ee71d60294169d429b932a272bcb11045c37c2fca96252b7917cb148c7a2ef
                                                                                                                                • Instruction Fuzzy Hash: E431F9B0B803226AF7215B25DC0AF5177E46B20B08F49405DEA457B5D2E3F1E5908792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 81%
                                                                                                                                			E7098B6A4(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20, char _a24, intOrPtr _a28, signed int _a32) {
                                                                                                                                				char _v5;
                                                                                                                                				signed int _v12;
                                                                                                                                				char* _v16;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				char _v24;
                                                                                                                                				intOrPtr* _v28;
                                                                                                                                				intOrPtr _v32;
                                                                                                                                				intOrPtr _v36;
                                                                                                                                				char _v40;
                                                                                                                                				intOrPtr* _v44;
                                                                                                                                				intOrPtr _v48;
                                                                                                                                				char _v60;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t106;
                                                                                                                                				signed int _t108;
                                                                                                                                				intOrPtr _t116;
                                                                                                                                				signed int _t119;
                                                                                                                                				signed int _t120;
                                                                                                                                				signed int _t121;
                                                                                                                                				signed int _t125;
                                                                                                                                				signed int _t126;
                                                                                                                                				intOrPtr* _t131;
                                                                                                                                				intOrPtr _t133;
                                                                                                                                				intOrPtr _t135;
                                                                                                                                				intOrPtr _t136;
                                                                                                                                				intOrPtr _t140;
                                                                                                                                				void* _t142;
                                                                                                                                				intOrPtr _t144;
                                                                                                                                				void* _t146;
                                                                                                                                				signed int* _t147;
                                                                                                                                				void* _t148;
                                                                                                                                				intOrPtr _t151;
                                                                                                                                				intOrPtr _t154;
                                                                                                                                				intOrPtr _t155;
                                                                                                                                				signed int* _t165;
                                                                                                                                				intOrPtr* _t166;
                                                                                                                                				signed int _t167;
                                                                                                                                				void* _t168;
                                                                                                                                				intOrPtr* _t169;
                                                                                                                                				void* _t171;
                                                                                                                                
                                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                                				_t155 = _a8;
                                                                                                                                				_t165 = _a20;
                                                                                                                                				_t106 = _t165[1];
                                                                                                                                				_v5 = 0;
                                                                                                                                				if(_t106 > 0x80) {
                                                                                                                                					_t156 =  *((intOrPtr*)(_t155 + 8));
                                                                                                                                				} else {
                                                                                                                                					_t156 =  *((char*)(_t155 + 8));
                                                                                                                                				}
                                                                                                                                				_v16 = _t156;
                                                                                                                                				if(_t156 < 0xffffffff) {
                                                                                                                                					L5:
                                                                                                                                					E7098AD09(_t154, _t165, _t168, _t175);
                                                                                                                                					goto L6;
                                                                                                                                				} else {
                                                                                                                                					_t175 = _t156 - _t106;
                                                                                                                                					if(_t156 < _t106) {
                                                                                                                                						L6:
                                                                                                                                						_t169 = _a4;
                                                                                                                                						if( *_t169 != 0xe06d7363) {
                                                                                                                                							L64:
                                                                                                                                							__eflags = _t165[3];
                                                                                                                                							if(_t165[3] <= 0) {
                                                                                                                                								L67:
                                                                                                                                								_t108 = _v12;
                                                                                                                                								__eflags = _t108;
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									_t108 = E70989F98(_t154, __eflags);
                                                                                                                                								}
                                                                                                                                								__eflags =  *(_t108 + 0x94);
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									L71:
                                                                                                                                									return _t108;
                                                                                                                                								} else {
                                                                                                                                									return E7098AD09(_t154, _t165, _t169, __eflags);
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							__eflags = _a24;
                                                                                                                                							if(__eflags != 0) {
                                                                                                                                								L27:
                                                                                                                                								E7098ACB3(_t194);
                                                                                                                                								L28:
                                                                                                                                								_push(1);
                                                                                                                                								_push(_a4);
                                                                                                                                								E7098AFD5(_t154, _t165, _t169, _t194);
                                                                                                                                								_t156 =  &_v60;
                                                                                                                                								E7098AD5C( &_v60, "bad exception");
                                                                                                                                								E70988C6D( &_v60, 0x70993a7c);
                                                                                                                                								L29:
                                                                                                                                								_t165 = _a20;
                                                                                                                                								L30:
                                                                                                                                								if( *_t169 != 0xe06d7363 ||  *((intOrPtr*)(_t169 + 0x10)) != 3) {
                                                                                                                                									goto L64;
                                                                                                                                								} else {
                                                                                                                                									_t116 =  *((intOrPtr*)(_t169 + 0x14));
                                                                                                                                									if(_t116 == _t154 || _t116 == 0x19930521 || _t116 == 0x19930522) {
                                                                                                                                										if(_t165[3] <= 0) {
                                                                                                                                											L50:
                                                                                                                                											__eflags = _a24;
                                                                                                                                											if(__eflags != 0) {
                                                                                                                                												_push(1);
                                                                                                                                												_push(_t169);
                                                                                                                                												E7098AFD5(_t154, _t165, _t169, __eflags);
                                                                                                                                											}
                                                                                                                                											__eflags = _v5;
                                                                                                                                											if(_v5 != 0) {
                                                                                                                                												goto L67;
                                                                                                                                											} else {
                                                                                                                                												__eflags = ( *_t165 & 0x1fffffff) - 0x19930521;
                                                                                                                                												if(( *_t165 & 0x1fffffff) < 0x19930521) {
                                                                                                                                													goto L67;
                                                                                                                                												}
                                                                                                                                												_t119 = _t165[7];
                                                                                                                                												__eflags = _t119;
                                                                                                                                												if(_t119 == 0) {
                                                                                                                                													goto L67;
                                                                                                                                												}
                                                                                                                                												_t120 = E7098B05D(_t154, _t165, _t169, _t119);
                                                                                                                                												__eflags = _t120;
                                                                                                                                												if(_t120 != 0) {
                                                                                                                                													goto L67;
                                                                                                                                												}
                                                                                                                                												__eflags = _v12;
                                                                                                                                												if(__eflags == 0) {
                                                                                                                                													_t125 = E70989F98(_t154, __eflags);
                                                                                                                                													_v12 = _t125;
                                                                                                                                													__eflags = _t125;
                                                                                                                                													if(__eflags == 0) {
                                                                                                                                														_t126 = E70989F98(_t154, __eflags);
                                                                                                                                														_v12 = _t126;
                                                                                                                                														__eflags = _t126;
                                                                                                                                														if(__eflags == 0) {
                                                                                                                                															_v12 = E70989F98(_t154, __eflags);
                                                                                                                                														}
                                                                                                                                													}
                                                                                                                                												}
                                                                                                                                												__eflags = _a32;
                                                                                                                                												_t121 = _v12;
                                                                                                                                												_t156 = _a12;
                                                                                                                                												 *((intOrPtr*)(_t121 + 0x88)) = _t169;
                                                                                                                                												 *((intOrPtr*)(_t121 + 0x8c)) = _a12;
                                                                                                                                												_push(_t169);
                                                                                                                                												if(_a32 != 0) {
                                                                                                                                													_push(_a32);
                                                                                                                                												} else {
                                                                                                                                													_push(_a8);
                                                                                                                                												}
                                                                                                                                												E70987BD5(_t156);
                                                                                                                                												_push(_a16);
                                                                                                                                												_push(_a8);
                                                                                                                                												E7098AEA0(_t154, _t165, _t169, __eflags);
                                                                                                                                												_t171 = _t171 + 0x10;
                                                                                                                                												_push(_t165[7]);
                                                                                                                                												E7098B0F5(_t154, _t165, _t169, __eflags);
                                                                                                                                												goto L64;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										_t131 = E70987E3C(_t156, _t165, _a28, _v16,  &_v24,  &_v40);
                                                                                                                                										_t171 = _t171 + 0x14;
                                                                                                                                										_t166 = _t131;
                                                                                                                                										while(_v24 < _v40) {
                                                                                                                                											_t133 = _v16;
                                                                                                                                											if( *_t166 > _t133 || _t133 >  *((intOrPtr*)(_t166 + 4))) {
                                                                                                                                												L48:
                                                                                                                                												_v24 = _v24 + 1;
                                                                                                                                												_t166 = _t166 + 0x14;
                                                                                                                                												continue;
                                                                                                                                											} else {
                                                                                                                                												_v20 =  *((intOrPtr*)(_t166 + 0x10));
                                                                                                                                												_t135 =  *((intOrPtr*)(_t166 + 0xc));
                                                                                                                                												_v36 = _t135;
                                                                                                                                												if(_t135 <= 0) {
                                                                                                                                													goto L48;
                                                                                                                                												}
                                                                                                                                												_t136 =  *((intOrPtr*)(_t169 + 0x1c));
                                                                                                                                												_t47 =  *((intOrPtr*)(_t136 + 0xc)) + 4; // 0x4
                                                                                                                                												_v44 = _t47;
                                                                                                                                												_v48 =  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0xc))));
                                                                                                                                												do {
                                                                                                                                													_v28 = _v44;
                                                                                                                                													_t140 = _v48;
                                                                                                                                													_v32 = _t140;
                                                                                                                                													if(_t140 <= 0) {
                                                                                                                                														goto L45;
                                                                                                                                													} else {
                                                                                                                                														goto L43;
                                                                                                                                													}
                                                                                                                                													while(1) {
                                                                                                                                														L43:
                                                                                                                                														_t154 =  *_v28;
                                                                                                                                														_t142 = L7098ADDD(_v20, _t154,  *((intOrPtr*)(_t169 + 0x1c)));
                                                                                                                                														_t171 = _t171 + 0xc;
                                                                                                                                														if(_t142 != 0) {
                                                                                                                                															break;
                                                                                                                                														}
                                                                                                                                														_v32 = _v32 - 1;
                                                                                                                                														_v28 = _v28 + 4;
                                                                                                                                														if(_v32 > _t142) {
                                                                                                                                															continue;
                                                                                                                                														}
                                                                                                                                														goto L45;
                                                                                                                                													}
                                                                                                                                													_v5 = 1;
                                                                                                                                													_t154 = _v20;
                                                                                                                                													E7098B541(_t154, _t166, _a8, _t169, _a12, _a16, _a20, _t154, _a28, _a32);
                                                                                                                                													_t169 = _a4;
                                                                                                                                													_t171 = _t171 + 0x1c;
                                                                                                                                													goto L48;
                                                                                                                                													L45:
                                                                                                                                													_v36 = _v36 - 1;
                                                                                                                                													_v20 = _v20 + 0x10;
                                                                                                                                												} while (_v36 > 0);
                                                                                                                                												goto L48;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										_t165 = _a20;
                                                                                                                                										goto L50;
                                                                                                                                									} else {
                                                                                                                                										goto L64;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							E7098B5B4(_t154, _t156, _t169, _a8, _a12, _a16, _t165, _v16, _a28, _a32);
                                                                                                                                							goto L67;
                                                                                                                                						}
                                                                                                                                						_t154 = 0x19930520;
                                                                                                                                						if( *((intOrPtr*)(_t169 + 0x10)) != 3) {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						_t144 =  *((intOrPtr*)(_t169 + 0x14));
                                                                                                                                						if(_t144 == 0x19930520 || _t144 == 0x19930521 || _t144 == 0x19930522) {
                                                                                                                                							_t181 =  *((intOrPtr*)(_t169 + 0x1c));
                                                                                                                                							if( *((intOrPtr*)(_t169 + 0x1c)) != 0) {
                                                                                                                                								goto L30;
                                                                                                                                							}
                                                                                                                                							_t108 = E70989F98(_t154, _t181);
                                                                                                                                							_t167 = _t108;
                                                                                                                                							_t169 =  *((intOrPtr*)(_t167 + 0x88));
                                                                                                                                							_v12 = _t167;
                                                                                                                                							if(_t169 == 0) {
                                                                                                                                								goto L71;
                                                                                                                                							} else {
                                                                                                                                								_a4 = _t169;
                                                                                                                                								_a12 =  *((intOrPtr*)(_t167 + 0x8c));
                                                                                                                                								_t146 = E7098F17F(_t169);
                                                                                                                                								_t156 = 1;
                                                                                                                                								_t183 = _t146;
                                                                                                                                								if(_t146 == 0) {
                                                                                                                                									E7098AD09(_t154, _t167, _t169, _t183);
                                                                                                                                								}
                                                                                                                                								if( *_t169 == 0xe06d7363 &&  *((intOrPtr*)(_t169 + 0x10)) == 3) {
                                                                                                                                									_t151 =  *((intOrPtr*)(_t169 + 0x14));
                                                                                                                                									if(_t151 == _t154 || _t151 == 0x19930521 || _t151 == 0x19930522) {
                                                                                                                                										_t189 =  *((intOrPtr*)(_t169 + 0x1c));
                                                                                                                                										if( *((intOrPtr*)(_t169 + 0x1c)) == 0) {
                                                                                                                                											E7098AD09(_t154, _t167, _t169, _t189);
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								_t22 = _t167 + 0x94; // 0x94
                                                                                                                                								_t147 = _t22;
                                                                                                                                								_t165 =  *_t147;
                                                                                                                                								if(_t165 == 0) {
                                                                                                                                									goto L29;
                                                                                                                                								}
                                                                                                                                								 *_t147 =  *_t147 & 0x00000000;
                                                                                                                                								_t148 = E7098B05D(_t154, _t165, _t169, _t165);
                                                                                                                                								_pop(_t156);
                                                                                                                                								if(_t148 != 0) {
                                                                                                                                									goto L29;
                                                                                                                                								}
                                                                                                                                								_t154 = 0;
                                                                                                                                								_t169 = 0;
                                                                                                                                								if( *_t165 <= 0) {
                                                                                                                                									goto L27;
                                                                                                                                								}
                                                                                                                                								while(E70988CE5( *((intOrPtr*)(_t165[1] + _t154 + 4)), 0x7099619c) == 0) {
                                                                                                                                									_t169 = _t169 + 1;
                                                                                                                                									_t154 = _t154 + 0x10;
                                                                                                                                									_t194 = _t169 -  *_t165;
                                                                                                                                									if(_t169 <  *_t165) {
                                                                                                                                										continue;
                                                                                                                                									}
                                                                                                                                									goto L27;
                                                                                                                                								}
                                                                                                                                								goto L28;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L5;
                                                                                                                                				}
                                                                                                                                			}
                                                                                                                                0x7098b913
                                                                                                                                0x00000000
                                                                                                                                0x7098b919
                                                                                                                                0x7098b920
                                                                                                                                0x7098b925
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b92b
                                                                                                                                0x7098b92e
                                                                                                                                0x7098b930
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b937
                                                                                                                                0x7098b93d
                                                                                                                                0x7098b93f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b945
                                                                                                                                0x7098b949
                                                                                                                                0x7098b94b
                                                                                                                                0x7098b950
                                                                                                                                0x7098b953
                                                                                                                                0x7098b955
                                                                                                                                0x7098b957
                                                                                                                                0x7098b95c
                                                                                                                                0x7098b95f
                                                                                                                                0x7098b961
                                                                                                                                0x7098b968
                                                                                                                                0x7098b968
                                                                                                                                0x7098b961
                                                                                                                                0x7098b955
                                                                                                                                0x7098b96b
                                                                                                                                0x7098b96f
                                                                                                                                0x7098b972
                                                                                                                                0x7098b975
                                                                                                                                0x7098b97b
                                                                                                                                0x7098b981
                                                                                                                                0x7098b982
                                                                                                                                0x7098b989
                                                                                                                                0x7098b984
                                                                                                                                0x7098b984
                                                                                                                                0x7098b984
                                                                                                                                0x7098b98c
                                                                                                                                0x7098b994
                                                                                                                                0x7098b997
                                                                                                                                0x7098b99a
                                                                                                                                0x7098b99f
                                                                                                                                0x7098b9a2
                                                                                                                                0x7098b9a5
                                                                                                                                0x00000000
                                                                                                                                0x7098b9a5
                                                                                                                                0x7098b913
                                                                                                                                0x7098b83d
                                                                                                                                0x7098b842
                                                                                                                                0x7098b845
                                                                                                                                0x7098b847
                                                                                                                                0x7098b853
                                                                                                                                0x7098b858
                                                                                                                                0x7098b8f1
                                                                                                                                0x7098b8f1
                                                                                                                                0x7098b8f4
                                                                                                                                0x00000000
                                                                                                                                0x7098b867
                                                                                                                                0x7098b86a
                                                                                                                                0x7098b86d
                                                                                                                                0x7098b870
                                                                                                                                0x7098b875
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b877
                                                                                                                                0x7098b87d
                                                                                                                                0x7098b882
                                                                                                                                0x7098b885
                                                                                                                                0x7098b888
                                                                                                                                0x7098b88b
                                                                                                                                0x7098b88e
                                                                                                                                0x7098b891
                                                                                                                                0x7098b896
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b898
                                                                                                                                0x7098b898
                                                                                                                                0x7098b89e
                                                                                                                                0x7098b8a4
                                                                                                                                0x7098b8a9
                                                                                                                                0x7098b8ae
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b8b0
                                                                                                                                0x7098b8b3
                                                                                                                                0x7098b8ba
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b8ba
                                                                                                                                0x7098b8ce
                                                                                                                                0x7098b8d9
                                                                                                                                0x7098b8e6
                                                                                                                                0x7098b8eb
                                                                                                                                0x7098b8ee
                                                                                                                                0x00000000
                                                                                                                                0x7098b8bc
                                                                                                                                0x7098b8bc
                                                                                                                                0x7098b8bf
                                                                                                                                0x7098b8c3
                                                                                                                                0x00000000
                                                                                                                                0x7098b8c9
                                                                                                                                0x7098b858
                                                                                                                                0x7098b8fc
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b810
                                                                                                                                0x7098b7fb
                                                                                                                                0x7098b9ce
                                                                                                                                0x00000000
                                                                                                                                0x7098b9d3
                                                                                                                                0x7098b6f4
                                                                                                                                0x7098b6f9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b6ff
                                                                                                                                0x7098b704
                                                                                                                                0x7098b718
                                                                                                                                0x7098b71c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b722
                                                                                                                                0x7098b727
                                                                                                                                0x7098b729
                                                                                                                                0x7098b72f
                                                                                                                                0x7098b734
                                                                                                                                0x00000000
                                                                                                                                0x7098b73a
                                                                                                                                0x7098b743
                                                                                                                                0x7098b746
                                                                                                                                0x7098b749
                                                                                                                                0x7098b74f
                                                                                                                                0x7098b750
                                                                                                                                0x7098b752
                                                                                                                                0x7098b754
                                                                                                                                0x7098b754
                                                                                                                                0x7098b75f
                                                                                                                                0x7098b767
                                                                                                                                0x7098b76c
                                                                                                                                0x7098b77c
                                                                                                                                0x7098b780
                                                                                                                                0x7098b782
                                                                                                                                0x7098b782
                                                                                                                                0x7098b780
                                                                                                                                0x7098b76c
                                                                                                                                0x7098b787
                                                                                                                                0x7098b787
                                                                                                                                0x7098b78d
                                                                                                                                0x7098b791
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b793
                                                                                                                                0x7098b797
                                                                                                                                0x7098b79c
                                                                                                                                0x7098b79f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b7a1
                                                                                                                                0x7098b7a3
                                                                                                                                0x7098b7a7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b7a9
                                                                                                                                0x7098b7be
                                                                                                                                0x7098b7bf
                                                                                                                                0x7098b7c2
                                                                                                                                0x7098b7c4
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b7c4
                                                                                                                                0x00000000
                                                                                                                                0x7098b7a9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098b704
                                                                                                                                0x00000000
                                                                                                                                0x7098b6da

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __getptd$BuildCatchCheckException@8ObjectRangeThrowTrysstd::bad_exception::bad_exception
                                                                                                                                • String ID: bad exception$csm$csm$csm
                                                                                                                                • API String ID: 3865504782-820278400
                                                                                                                                • Opcode ID: d6c6d4aafcf45c4ed31f7efa175df28c6c5ea1f7ec10b20dc72abea1775bcd1c
                                                                                                                                • Instruction ID: bf35047cfa6dc90362a672f36581c4a22db53d0d53c65c1f3696f3c182804266
                                                                                                                                • Opcode Fuzzy Hash: d6c6d4aafcf45c4ed31f7efa175df28c6c5ea1f7ec10b20dc72abea1775bcd1c
                                                                                                                                • Instruction Fuzzy Hash: E0A17C3190020AAFDF118F65C881B9EBBB9BF04318F184119FA56A67D0D731E991CB93
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 81%
                                                                                                                                			E70437791(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20, char _a24, intOrPtr _a28, signed int _a32) {
                                                                                                                                				char _v5;
                                                                                                                                				signed int _v12;
                                                                                                                                				char* _v16;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				char _v24;
                                                                                                                                				intOrPtr* _v28;
                                                                                                                                				intOrPtr _v32;
                                                                                                                                				intOrPtr _v36;
                                                                                                                                				char _v40;
                                                                                                                                				intOrPtr* _v44;
                                                                                                                                				intOrPtr _v48;
                                                                                                                                				char _v60;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t106;
                                                                                                                                				signed int _t108;
                                                                                                                                				intOrPtr _t116;
                                                                                                                                				signed int _t119;
                                                                                                                                				signed int _t120;
                                                                                                                                				signed int _t121;
                                                                                                                                				signed int _t125;
                                                                                                                                				signed int _t126;
                                                                                                                                				intOrPtr* _t131;
                                                                                                                                				intOrPtr _t133;
                                                                                                                                				intOrPtr _t135;
                                                                                                                                				intOrPtr _t136;
                                                                                                                                				intOrPtr _t140;
                                                                                                                                				void* _t142;
                                                                                                                                				intOrPtr _t144;
                                                                                                                                				void* _t146;
                                                                                                                                				signed int* _t147;
                                                                                                                                				void* _t148;
                                                                                                                                				intOrPtr _t151;
                                                                                                                                				intOrPtr _t154;
                                                                                                                                				intOrPtr _t155;
                                                                                                                                				signed int* _t165;
                                                                                                                                				intOrPtr* _t166;
                                                                                                                                				signed int _t167;
                                                                                                                                				void* _t168;
                                                                                                                                				intOrPtr* _t169;
                                                                                                                                				void* _t171;
                                                                                                                                
                                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                                				_t155 = _a8;
                                                                                                                                				_t165 = _a20;
                                                                                                                                				_t106 = _t165[1];
                                                                                                                                				_v5 = 0;
                                                                                                                                				if(_t106 > 0x80) {
                                                                                                                                					_t156 =  *((intOrPtr*)(_t155 + 8));
                                                                                                                                				} else {
                                                                                                                                					_t156 =  *((char*)(_t155 + 8));
                                                                                                                                				}
                                                                                                                                				_v16 = _t156;
                                                                                                                                				if(_t156 < 0xffffffff) {
                                                                                                                                					L5:
                                                                                                                                					E70437C28(_t154, _t165, _t168, _t175);
                                                                                                                                					goto L6;
                                                                                                                                				} else {
                                                                                                                                					_t175 = _t156 - _t106;
                                                                                                                                					if(_t156 < _t106) {
                                                                                                                                						L6:
                                                                                                                                						_t169 = _a4;
                                                                                                                                						if( *_t169 != 0xe06d7363) {
                                                                                                                                							L64:
                                                                                                                                							__eflags = _t165[3];
                                                                                                                                							if(_t165[3] <= 0) {
                                                                                                                                								L67:
                                                                                                                                								_t108 = _v12;
                                                                                                                                								__eflags = _t108;
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									_t108 = E7043612E(_t154, __eflags);
                                                                                                                                								}
                                                                                                                                								__eflags =  *(_t108 + 0x94);
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									L71:
                                                                                                                                									return _t108;
                                                                                                                                								} else {
                                                                                                                                									return E70437C28(_t154, _t165, _t169, __eflags);
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							__eflags = _a24;
                                                                                                                                							if(__eflags != 0) {
                                                                                                                                								L27:
                                                                                                                                								E70437BD2(_t194);
                                                                                                                                								L28:
                                                                                                                                								_push(1);
                                                                                                                                								_push(_a4);
                                                                                                                                								E704370C2(_t154, _t165, _t169, _t194);
                                                                                                                                								_t156 =  &_v60;
                                                                                                                                								E70436E49( &_v60, "bad exception");
                                                                                                                                								E704348B2( &_v60, 0x7043c84c);
                                                                                                                                								L29:
                                                                                                                                								_t165 = _a20;
                                                                                                                                								L30:
                                                                                                                                								if( *_t169 != 0xe06d7363 ||  *((intOrPtr*)(_t169 + 0x10)) != 3) {
                                                                                                                                									goto L64;
                                                                                                                                								} else {
                                                                                                                                									_t116 =  *((intOrPtr*)(_t169 + 0x14));
                                                                                                                                									if(_t116 == _t154 || _t116 == 0x19930521 || _t116 == 0x19930522) {
                                                                                                                                										if(_t165[3] <= 0) {
                                                                                                                                											L50:
                                                                                                                                											__eflags = _a24;
                                                                                                                                											if(__eflags != 0) {
                                                                                                                                												_push(1);
                                                                                                                                												_push(_t169);
                                                                                                                                												E704370C2(_t154, _t165, _t169, __eflags);
                                                                                                                                											}
                                                                                                                                											__eflags = _v5;
                                                                                                                                											if(_v5 != 0) {
                                                                                                                                												goto L67;
                                                                                                                                											} else {
                                                                                                                                												__eflags = ( *_t165 & 0x1fffffff) - 0x19930521;
                                                                                                                                												if(( *_t165 & 0x1fffffff) < 0x19930521) {
                                                                                                                                													goto L67;
                                                                                                                                												}
                                                                                                                                												_t119 = _t165[7];
                                                                                                                                												__eflags = _t119;
                                                                                                                                												if(_t119 == 0) {
                                                                                                                                													goto L67;
                                                                                                                                												}
                                                                                                                                												_t120 = E7043714A(_t154, _t165, _t169, _t119);
                                                                                                                                												__eflags = _t120;
                                                                                                                                												if(_t120 != 0) {
                                                                                                                                													goto L67;
                                                                                                                                												}
                                                                                                                                												__eflags = _v12;
                                                                                                                                												if(__eflags == 0) {
                                                                                                                                													_t125 = E7043612E(_t154, __eflags);
                                                                                                                                													_v12 = _t125;
                                                                                                                                													__eflags = _t125;
                                                                                                                                													if(__eflags == 0) {
                                                                                                                                														_t126 = E7043612E(_t154, __eflags);
                                                                                                                                														_v12 = _t126;
                                                                                                                                														__eflags = _t126;
                                                                                                                                														if(__eflags == 0) {
                                                                                                                                															_v12 = E7043612E(_t154, __eflags);
                                                                                                                                														}
                                                                                                                                													}
                                                                                                                                												}
                                                                                                                                												__eflags = _a32;
                                                                                                                                												_t121 = _v12;
                                                                                                                                												_t156 = _a12;
                                                                                                                                												 *((intOrPtr*)(_t121 + 0x88)) = _t169;
                                                                                                                                												 *((intOrPtr*)(_t121 + 0x8c)) = _a12;
                                                                                                                                												_push(_t169);
                                                                                                                                												if(_a32 != 0) {
                                                                                                                                													_push(_a32);
                                                                                                                                												} else {
                                                                                                                                													_push(_a8);
                                                                                                                                												}
                                                                                                                                												E704343E1(_t156);
                                                                                                                                												_push(_a16);
                                                                                                                                												_push(_a8);
                                                                                                                                												E70436F8D(_t154, _t165, _t169, __eflags);
                                                                                                                                												_t171 = _t171 + 0x10;
                                                                                                                                												_push(_t165[7]);
                                                                                                                                												E704371E2(_t154, _t165, _t169, __eflags);
                                                                                                                                												goto L64;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										_t131 = E70434648(_t156, _t165, _a28, _v16,  &_v24,  &_v40);
                                                                                                                                										_t171 = _t171 + 0x14;
                                                                                                                                										_t166 = _t131;
                                                                                                                                										while(_v24 < _v40) {
                                                                                                                                											_t133 = _v16;
                                                                                                                                											if( *_t166 > _t133 || _t133 >  *((intOrPtr*)(_t166 + 4))) {
                                                                                                                                												L48:
                                                                                                                                												_v24 = _v24 + 1;
                                                                                                                                												_t166 = _t166 + 0x14;
                                                                                                                                												continue;
                                                                                                                                											} else {
                                                                                                                                												_v20 =  *((intOrPtr*)(_t166 + 0x10));
                                                                                                                                												_t135 =  *((intOrPtr*)(_t166 + 0xc));
                                                                                                                                												_v36 = _t135;
                                                                                                                                												if(_t135 <= 0) {
                                                                                                                                													goto L48;
                                                                                                                                												}
                                                                                                                                												_t136 =  *((intOrPtr*)(_t169 + 0x1c));
                                                                                                                                												_t47 =  *((intOrPtr*)(_t136 + 0xc)) + 4; // 0x4
                                                                                                                                												_v44 = _t47;
                                                                                                                                												_v48 =  *((intOrPtr*)( *((intOrPtr*)(_t136 + 0xc))));
                                                                                                                                												do {
                                                                                                                                													_v28 = _v44;
                                                                                                                                													_t140 = _v48;
                                                                                                                                													_v32 = _t140;
                                                                                                                                													if(_t140 <= 0) {
                                                                                                                                														goto L45;
                                                                                                                                													} else {
                                                                                                                                														goto L43;
                                                                                                                                													}
                                                                                                                                													while(1) {
                                                                                                                                														L43:
                                                                                                                                														_t154 =  *_v28;
                                                                                                                                														_t142 = E70436ECA(_v20, _t154,  *((intOrPtr*)(_t169 + 0x1c)));
                                                                                                                                														_t171 = _t171 + 0xc;
                                                                                                                                														if(_t142 != 0) {
                                                                                                                                															break;
                                                                                                                                														}
                                                                                                                                														_v32 = _v32 - 1;
                                                                                                                                														_v28 = _v28 + 4;
                                                                                                                                														if(_v32 > _t142) {
                                                                                                                                															continue;
                                                                                                                                														}
                                                                                                                                														goto L45;
                                                                                                                                													}
                                                                                                                                													_v5 = 1;
                                                                                                                                													_t154 = _v20;
                                                                                                                                													E7043762E(_t154, _t166, _a8, _t169, _a12, _a16, _a20, _t154, _a28, _a32);
                                                                                                                                													_t169 = _a4;
                                                                                                                                													_t171 = _t171 + 0x1c;
                                                                                                                                													goto L48;
                                                                                                                                													L45:
                                                                                                                                													_v36 = _v36 - 1;
                                                                                                                                													_v20 = _v20 + 0x10;
                                                                                                                                												} while (_v36 > 0);
                                                                                                                                												goto L48;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										_t165 = _a20;
                                                                                                                                										goto L50;
                                                                                                                                									} else {
                                                                                                                                										goto L64;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							E704376A1(_t154, _t156, _t169, _a8, _a12, _a16, _t165, _v16, _a28, _a32);
                                                                                                                                							goto L67;
                                                                                                                                						}
                                                                                                                                						_t154 = 0x19930520;
                                                                                                                                						if( *((intOrPtr*)(_t169 + 0x10)) != 3) {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                						_t144 =  *((intOrPtr*)(_t169 + 0x14));
                                                                                                                                						if(_t144 == 0x19930520 || _t144 == 0x19930521 || _t144 == 0x19930522) {
                                                                                                                                							_t181 =  *((intOrPtr*)(_t169 + 0x1c));
                                                                                                                                							if( *((intOrPtr*)(_t169 + 0x1c)) != 0) {
                                                                                                                                								goto L30;
                                                                                                                                							}
                                                                                                                                							_t108 = E7043612E(_t154, _t181);
                                                                                                                                							_t167 = _t108;
                                                                                                                                							_t169 =  *((intOrPtr*)(_t167 + 0x88));
                                                                                                                                							_v12 = _t167;
                                                                                                                                							if(_t169 == 0) {
                                                                                                                                								goto L71;
                                                                                                                                							} else {
                                                                                                                                								_a4 = _t169;
                                                                                                                                								_a12 =  *((intOrPtr*)(_t167 + 0x8c));
                                                                                                                                								_t146 = E7043A380(_t169);
                                                                                                                                								_t156 = 1;
                                                                                                                                								_t183 = _t146;
                                                                                                                                								if(_t146 == 0) {
                                                                                                                                									E70437C28(_t154, _t167, _t169, _t183);
                                                                                                                                								}
                                                                                                                                								if( *_t169 == 0xe06d7363 &&  *((intOrPtr*)(_t169 + 0x10)) == 3) {
                                                                                                                                									_t151 =  *((intOrPtr*)(_t169 + 0x14));
                                                                                                                                									if(_t151 == _t154 || _t151 == 0x19930521 || _t151 == 0x19930522) {
                                                                                                                                										_t189 =  *((intOrPtr*)(_t169 + 0x1c));
                                                                                                                                										if( *((intOrPtr*)(_t169 + 0x1c)) == 0) {
                                                                                                                                											E70437C28(_t154, _t167, _t169, _t189);
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								_t22 = _t167 + 0x94; // 0x94
                                                                                                                                								_t147 = _t22;
                                                                                                                                								_t165 =  *_t147;
                                                                                                                                								if(_t165 == 0) {
                                                                                                                                									goto L29;
                                                                                                                                								}
                                                                                                                                								 *_t147 =  *_t147 & 0x00000000;
                                                                                                                                								_t148 = E7043714A(_t154, _t165, _t169, _t165);
                                                                                                                                								_pop(_t156);
                                                                                                                                								if(_t148 != 0) {
                                                                                                                                									goto L29;
                                                                                                                                								}
                                                                                                                                								_t154 = 0;
                                                                                                                                								_t169 = 0;
                                                                                                                                								if( *_t165 <= 0) {
                                                                                                                                									goto L27;
                                                                                                                                								}
                                                                                                                                								while(E7043492A( *((intOrPtr*)(_t165[1] + _t154 + 4)), 0x7043e124) == 0) {
                                                                                                                                									_t169 = _t169 + 1;
                                                                                                                                									_t154 = _t154 + 0x10;
                                                                                                                                									_t194 = _t169 -  *_t165;
                                                                                                                                									if(_t169 <  *_t165) {
                                                                                                                                										continue;
                                                                                                                                									}
                                                                                                                                									goto L27;
                                                                                                                                								}
                                                                                                                                								goto L28;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							goto L30;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L5;
                                                                                                                                				}
                                                                                                                                			}

                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70437985
                                                                                                                                0x70437985
                                                                                                                                0x7043798b
                                                                                                                                0x70437991
                                                                                                                                0x70437996
                                                                                                                                0x7043799b
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043799d
                                                                                                                                0x704379a0
                                                                                                                                0x704379a7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704379a7
                                                                                                                                0x704379bb
                                                                                                                                0x704379c6
                                                                                                                                0x704379d3
                                                                                                                                0x704379d8
                                                                                                                                0x704379db
                                                                                                                                0x00000000
                                                                                                                                0x704379a9
                                                                                                                                0x704379a9
                                                                                                                                0x704379ac
                                                                                                                                0x704379b0
                                                                                                                                0x00000000
                                                                                                                                0x704379b6
                                                                                                                                0x70437945
                                                                                                                                0x704379e9
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704378fd
                                                                                                                                0x704378e8
                                                                                                                                0x70437abb
                                                                                                                                0x00000000
                                                                                                                                0x70437ac0
                                                                                                                                0x704377e1
                                                                                                                                0x704377e6
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704377ec
                                                                                                                                0x704377f1
                                                                                                                                0x70437805
                                                                                                                                0x70437809
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043780f
                                                                                                                                0x70437814
                                                                                                                                0x70437816
                                                                                                                                0x7043781c
                                                                                                                                0x70437821
                                                                                                                                0x00000000
                                                                                                                                0x70437827
                                                                                                                                0x70437830
                                                                                                                                0x70437833
                                                                                                                                0x70437836
                                                                                                                                0x7043783c
                                                                                                                                0x7043783d
                                                                                                                                0x7043783f
                                                                                                                                0x70437841
                                                                                                                                0x70437841
                                                                                                                                0x7043784c
                                                                                                                                0x70437854
                                                                                                                                0x70437859
                                                                                                                                0x70437869
                                                                                                                                0x7043786d
                                                                                                                                0x7043786f
                                                                                                                                0x7043786f
                                                                                                                                0x7043786d
                                                                                                                                0x70437859
                                                                                                                                0x70437874
                                                                                                                                0x70437874
                                                                                                                                0x7043787a
                                                                                                                                0x7043787e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70437880
                                                                                                                                0x70437884
                                                                                                                                0x70437889
                                                                                                                                0x7043788c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043788e
                                                                                                                                0x70437890
                                                                                                                                0x70437894
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70437896
                                                                                                                                0x704378ab
                                                                                                                                0x704378ac
                                                                                                                                0x704378af
                                                                                                                                0x704378b1
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704378b1
                                                                                                                                0x00000000
                                                                                                                                0x70437896
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x704377f1
                                                                                                                                0x00000000
                                                                                                                                0x704377c7

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __getptd$BuildCatchCheckException@8ObjectRangeThrowTrysstd::bad_exception::bad_exception
                                                                                                                                • String ID: bad exception$csm$csm$csm
                                                                                                                                • API String ID: 3865504782-820278400
                                                                                                                                • Opcode ID: b922bde3fcd60ff087f708e8cc7b19c96294b9572dfd41cd955057f68ebea932
                                                                                                                                • Instruction ID: 7a68a5295069d212ab1fb3c7cd8f943d237e07663b22217c0d16ceac86b66e41
                                                                                                                                • Opcode Fuzzy Hash: b922bde3fcd60ff087f708e8cc7b19c96294b9572dfd41cd955057f68ebea932
                                                                                                                                • Instruction Fuzzy Hash: 32A18F7190020AAFDF21DFA4C881B9DFBB6BF0E214F90A51DE496B6240D778ED51CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 94%
                                                                                                                                			E7099193E(void* __edx, intOrPtr* _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, int _a28) {
                                                                                                                                				signed int _v8;
                                                                                                                                				short _v12;
                                                                                                                                				short* _v16;
                                                                                                                                				int _v20;
                                                                                                                                				int _v24;
                                                                                                                                				void* _v36;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				signed int _t61;
                                                                                                                                				int _t63;
                                                                                                                                				int _t64;
                                                                                                                                				int _t66;
                                                                                                                                				int _t69;
                                                                                                                                				void* _t71;
                                                                                                                                				short* _t72;
                                                                                                                                				void* _t77;
                                                                                                                                				int _t78;
                                                                                                                                				void* _t80;
                                                                                                                                				char* _t81;
                                                                                                                                				int _t90;
                                                                                                                                				long _t91;
                                                                                                                                				void* _t105;
                                                                                                                                				int _t108;
                                                                                                                                				signed int _t109;
                                                                                                                                				char* _t110;
                                                                                                                                				char* _t112;
                                                                                                                                
                                                                                                                                				_t105 = __edx;
                                                                                                                                				_t61 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t61 ^ _t109;
                                                                                                                                				if(_a16 >= 0xffffffff) {
                                                                                                                                					_t63 =  *0x70997ce8; // 0x0
                                                                                                                                					_t108 = GetStringTypeW;
                                                                                                                                					_t92 = 0;
                                                                                                                                					_t107 = 1;
                                                                                                                                					__eflags = _t63;
                                                                                                                                					if(_t63 != 0) {
                                                                                                                                						L8:
                                                                                                                                						__eflags = _t63 - _t107;
                                                                                                                                						if(_t63 != _t107) {
                                                                                                                                							__eflags = _t63 - 2;
                                                                                                                                							if(_t63 == 2) {
                                                                                                                                								L12:
                                                                                                                                								_v20 = _t92;
                                                                                                                                								__eflags = _a28 - _t92;
                                                                                                                                								if(_a28 == _t92) {
                                                                                                                                									_a28 =  *((intOrPtr*)( *_a4 + 0x14));
                                                                                                                                								}
                                                                                                                                								__eflags = _a24 - _t92;
                                                                                                                                								if(_a24 == _t92) {
                                                                                                                                									_a24 =  *((intOrPtr*)( *_a4 + 4));
                                                                                                                                								}
                                                                                                                                								_t64 = E7099168F(_t92, _t105, _t107, _t108, _a28);
                                                                                                                                								__eflags = _a24 - _t64;
                                                                                                                                								if(_a24 != _t64) {
                                                                                                                                									__eflags = _t64 - 0xffffffff;
                                                                                                                                									if(_t64 != 0xffffffff) {
                                                                                                                                										_a24 = _t64;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								_t107 = WideCharToMultiByte;
                                                                                                                                								_t108 = WideCharToMultiByte(_a24, _t92, _a12, _a16, _t92, _t92, _t92, _t92);
                                                                                                                                								_v24 = _t108;
                                                                                                                                								__eflags = _t108 - _t92;
                                                                                                                                								if(__eflags == 0) {
                                                                                                                                									goto L1;
                                                                                                                                								} else {
                                                                                                                                									if(__eflags <= 0) {
                                                                                                                                										L29:
                                                                                                                                										_v12 = _t92;
                                                                                                                                										L30:
                                                                                                                                										__eflags = _v12 - _t92;
                                                                                                                                										if(_v12 == _t92) {
                                                                                                                                											goto L1;
                                                                                                                                										}
                                                                                                                                										E70989080(_t107, _v12, _t92, _t108);
                                                                                                                                										_t112 =  &(_t110[0xc]);
                                                                                                                                										_t69 = WideCharToMultiByte(_a24, _t92, _a12, _a16, _v12, _t108, _t92, _t92);
                                                                                                                                										__eflags = _t69;
                                                                                                                                										if(_t69 == 0) {
                                                                                                                                											L50:
                                                                                                                                											E7098F2EF(_v12);
                                                                                                                                											_t66 = _v20;
                                                                                                                                											L51:
                                                                                                                                											return E70987FB3(_t66, _t92, _v8 ^ _t109, _t105, _t107, _t108);
                                                                                                                                										}
                                                                                                                                										_t33 = _t108 + 1; // 0x1
                                                                                                                                										_t71 = _t33;
                                                                                                                                										__eflags = _t71 - _t92;
                                                                                                                                										if(_t71 <= _t92) {
                                                                                                                                											L41:
                                                                                                                                											_v16 = _t92;
                                                                                                                                											L42:
                                                                                                                                											_t72 = _v16;
                                                                                                                                											__eflags = _t72 - _t92;
                                                                                                                                											if(_t72 == _t92) {
                                                                                                                                												goto L50;
                                                                                                                                											}
                                                                                                                                											__eflags = _a28 - _t92;
                                                                                                                                											if(_a28 == _t92) {
                                                                                                                                												_a28 =  *((intOrPtr*)( *_a4 + 0x14));
                                                                                                                                											}
                                                                                                                                											_t92 = _a16 + _a16;
                                                                                                                                											_t108 = _t72 + _a16 + _a16;
                                                                                                                                											_t107 = 0xffff;
                                                                                                                                											 *_t108 = 0xffff;
                                                                                                                                											 *((short*)(_t108 - 2)) = 0xffff;
                                                                                                                                											_v20 = GetStringTypeA(_a28, _a8, _v12, _v24, _t72);
                                                                                                                                											__eflags =  *((intOrPtr*)(_t108 - 2)) - 0xffff;
                                                                                                                                											if( *((intOrPtr*)(_t108 - 2)) == 0xffff) {
                                                                                                                                												L48:
                                                                                                                                												_t54 =  &_v20;
                                                                                                                                												 *_t54 = _v20 & 0x00000000;
                                                                                                                                												__eflags =  *_t54;
                                                                                                                                												goto L49;
                                                                                                                                											} else {
                                                                                                                                												__eflags =  *_t108 - 0xffff;
                                                                                                                                												if( *_t108 != 0xffff) {
                                                                                                                                													goto L48;
                                                                                                                                												}
                                                                                                                                												E70988470(_t92, 0xffff, _t108, _a20, _v16, _t92);
                                                                                                                                												L49:
                                                                                                                                												E7098F2EF(_v16);
                                                                                                                                												goto L50;
                                                                                                                                											}
                                                                                                                                										}
                                                                                                                                										__eflags = _t71 - 0x7ffffff0;
                                                                                                                                										if(_t71 > 0x7ffffff0) {
                                                                                                                                											goto L41;
                                                                                                                                										}
                                                                                                                                										_t35 = _t108 + 0xa; // 0xa
                                                                                                                                										_t77 = _t108 + _t35;
                                                                                                                                										__eflags = _t77 - 0x400;
                                                                                                                                										if(_t77 > 0x400) {
                                                                                                                                											_t78 = E70988B9E(_t92, _t107, _t77);
                                                                                                                                											__eflags = _t78 - _t92;
                                                                                                                                											if(_t78 == _t92) {
                                                                                                                                												L40:
                                                                                                                                												_v16 = _t78;
                                                                                                                                												goto L42;
                                                                                                                                											}
                                                                                                                                											 *_t78 = 0xdddd;
                                                                                                                                											L39:
                                                                                                                                											_t78 = _t78 + 8;
                                                                                                                                											__eflags = _t78;
                                                                                                                                											goto L40;
                                                                                                                                										}
                                                                                                                                										E70989680(_t77);
                                                                                                                                										_t78 = _t112;
                                                                                                                                										__eflags = _t78 - _t92;
                                                                                                                                										if(_t78 == _t92) {
                                                                                                                                											goto L40;
                                                                                                                                										}
                                                                                                                                										 *_t78 = 0xcccc;
                                                                                                                                										goto L39;
                                                                                                                                									}
                                                                                                                                									__eflags = _t108 - 0xffffffe0;
                                                                                                                                									if(_t108 > 0xffffffe0) {
                                                                                                                                										goto L29;
                                                                                                                                									}
                                                                                                                                									_t24 = _t108 + 8; // 0x8
                                                                                                                                									_t80 = _t24;
                                                                                                                                									__eflags = _t80 - 0x400;
                                                                                                                                									if(_t80 > 0x400) {
                                                                                                                                										_t81 = E70988B9E(_t92, WideCharToMultiByte, _t80);
                                                                                                                                										__eflags = _t81 - _t92;
                                                                                                                                										if(_t81 == _t92) {
                                                                                                                                											L28:
                                                                                                                                											_v12 = _t81;
                                                                                                                                											goto L30;
                                                                                                                                										}
                                                                                                                                										 *_t81 = 0xdddd;
                                                                                                                                										L27:
                                                                                                                                										_t81 =  &(_t81[8]);
                                                                                                                                										__eflags = _t81;
                                                                                                                                										goto L28;
                                                                                                                                									}
                                                                                                                                									E70989680(_t80);
                                                                                                                                									_t81 = _t110;
                                                                                                                                									__eflags = _t81 - _t92;
                                                                                                                                									if(_t81 == _t92) {
                                                                                                                                										goto L28;
                                                                                                                                									}
                                                                                                                                									 *_t81 = 0xcccc;
                                                                                                                                									goto L27;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							__eflags = _t63 - _t92;
                                                                                                                                							if(_t63 != _t92) {
                                                                                                                                								goto L1;
                                                                                                                                							}
                                                                                                                                							goto L12;
                                                                                                                                						}
                                                                                                                                						L9:
                                                                                                                                						_t66 = GetStringTypeW(_a8, _a12, _a16, _a20);
                                                                                                                                						goto L51;
                                                                                                                                					}
                                                                                                                                					_t90 = GetStringTypeW(1, 0x70981e08, 1,  &_v12);
                                                                                                                                					__eflags = _t90;
                                                                                                                                					if(_t90 == 0) {
                                                                                                                                						_t91 = GetLastError();
                                                                                                                                						__eflags = _t91 - 0x78;
                                                                                                                                						if(_t91 != 0x78) {
                                                                                                                                							_t63 =  *0x70997ce8; // 0x0
                                                                                                                                						} else {
                                                                                                                                							_t63 = 2;
                                                                                                                                							 *0x70997ce8 = _t63;
                                                                                                                                						}
                                                                                                                                						goto L8;
                                                                                                                                					} else {
                                                                                                                                						 *0x70997ce8 = 1;
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				L1:
                                                                                                                                				_t66 = 0;
                                                                                                                                				goto L51;
                                                                                                                                			}






























                                                                                                                                0x70991b3c
                                                                                                                                0x70991b3c
                                                                                                                                0x70991b3c
                                                                                                                                0x70991b3c
                                                                                                                                0x00000000
                                                                                                                                0x70991b26
                                                                                                                                0x70991b26
                                                                                                                                0x70991b29
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70991b32
                                                                                                                                0x70991b40
                                                                                                                                0x70991b43
                                                                                                                                0x00000000
                                                                                                                                0x70991b48
                                                                                                                                0x70991b24
                                                                                                                                0x70991a9a
                                                                                                                                0x70991a9f
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70991aa1
                                                                                                                                0x70991aa1
                                                                                                                                0x70991aa5
                                                                                                                                0x70991aaa
                                                                                                                                0x70991ac0
                                                                                                                                0x70991ac6
                                                                                                                                0x70991ac8
                                                                                                                                0x70991ad3
                                                                                                                                0x70991ad3
                                                                                                                                0x00000000
                                                                                                                                0x70991ad3
                                                                                                                                0x70991aca
                                                                                                                                0x70991ad0
                                                                                                                                0x70991ad0
                                                                                                                                0x70991ad0
                                                                                                                                0x00000000
                                                                                                                                0x70991ad0
                                                                                                                                0x70991aac
                                                                                                                                0x70991ab1
                                                                                                                                0x70991ab3
                                                                                                                                0x70991ab5
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70991ab7
                                                                                                                                0x00000000
                                                                                                                                0x70991ab7
                                                                                                                                0x70991a25
                                                                                                                                0x70991a28
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70991a2a
                                                                                                                                0x70991a2a
                                                                                                                                0x70991a2d
                                                                                                                                0x70991a32
                                                                                                                                0x70991a48
                                                                                                                                0x70991a4e
                                                                                                                                0x70991a50
                                                                                                                                0x70991a5b
                                                                                                                                0x70991a5b
                                                                                                                                0x00000000
                                                                                                                                0x70991a5b
                                                                                                                                0x70991a52
                                                                                                                                0x70991a58
                                                                                                                                0x70991a58
                                                                                                                                0x70991a58
                                                                                                                                0x00000000
                                                                                                                                0x70991a58
                                                                                                                                0x70991a34
                                                                                                                                0x70991a39
                                                                                                                                0x70991a3b
                                                                                                                                0x70991a3d
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70991a3f
                                                                                                                                0x00000000
                                                                                                                                0x70991a3f
                                                                                                                                0x70991a1d
                                                                                                                                0x709919c3
                                                                                                                                0x709919c5
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x709919c5
                                                                                                                                0x709919ab
                                                                                                                                0x709919b7
                                                                                                                                0x00000000
                                                                                                                                0x709919b7
                                                                                                                                0x7099197f
                                                                                                                                0x70991981
                                                                                                                                0x70991983
                                                                                                                                0x7099198d
                                                                                                                                0x70991993
                                                                                                                                0x70991996
                                                                                                                                0x709919a2
                                                                                                                                0x70991998
                                                                                                                                0x7099199a
                                                                                                                                0x7099199b
                                                                                                                                0x7099199b
                                                                                                                                0x00000000
                                                                                                                                0x70991985
                                                                                                                                0x70991985
                                                                                                                                0x00000000
                                                                                                                                0x70991985
                                                                                                                                0x70991983
                                                                                                                                0x70991959
                                                                                                                                0x70991959
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                • GetStringTypeW.KERNEL32(00000001,70981E08,00000001,?,?,00000000,00000000), ref: 7099197F
                                                                                                                                • GetStringTypeW.KERNEL32(?,?,000000FF,00000000,?,00000000,00000000), ref: 709919B7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: StringType
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4177115715-0
                                                                                                                                • Opcode ID: 4c4a6022af4d5deeb334634dbfedd58c18330cbeda4fc6ad3fbe05911758ea14
                                                                                                                                • Instruction ID: 768c4a76a61244e1c8895183cbe0dbc6379cae29966b763bbdd1cb40f0fb1b6e
                                                                                                                                • Opcode Fuzzy Hash: 4c4a6022af4d5deeb334634dbfedd58c18330cbeda4fc6ad3fbe05911758ea14
                                                                                                                                • Instruction Fuzzy Hash: 3061CF71911209EFDF018F55CC809AE7BBAFF88354B20452AF916A73A0D730DD50DB6A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E70435FE0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                                				intOrPtr _t27;
                                                                                                                                				intOrPtr _t31;
                                                                                                                                				void* _t36;
                                                                                                                                				void* _t39;
                                                                                                                                				intOrPtr _t45;
                                                                                                                                				void* _t46;
                                                                                                                                
                                                                                                                                				_t35 = __ebx;
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x7043c748);
                                                                                                                                				E70434970(__ebx, __edi, __esi);
                                                                                                                                				_t23 = GetModuleHandleW(L"KERNELBASE.DLL");
                                                                                                                                				 *(_t46 - 0x1c) = _t23;
                                                                                                                                				if(_t23 == 0) {
                                                                                                                                					 *(_t46 - 0x1c) = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                				}
                                                                                                                                				_t45 =  *((intOrPtr*)(_t46 + 8));
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x5c)) = 0x7043e068;
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x14)) = 1;
                                                                                                                                				if( *(_t46 - 0x1c) != 0) {
                                                                                                                                					_t35 = GetProcAddress;
                                                                                                                                					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress( *(_t46 - 0x1c), "EncodePointer");
                                                                                                                                					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
                                                                                                                                				}
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x70)) = 1;
                                                                                                                                				 *((char*)(_t45 + 0xc8)) = 0x43;
                                                                                                                                				 *((char*)(_t45 + 0x14b)) = 0x43;
                                                                                                                                				 *(_t45 + 0x68) = 0x7043e5c0;
                                                                                                                                				InterlockedIncrement(0x7043e5c0);
                                                                                                                                				E7043857A(_t35, _t36, _t39, 1, 0xc);
                                                                                                                                				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                                                                                				_t27 =  *((intOrPtr*)(_t46 + 0xc));
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x6c)) = _t27;
                                                                                                                                				if(_t27 == 0) {
                                                                                                                                					_t31 =  *0x7043e5b0; // 0x7043e4d8
                                                                                                                                					 *((intOrPtr*)(_t45 + 0x6c)) = _t31;
                                                                                                                                				}
                                                                                                                                				_t20 = _t45 + 0x6c; // 0xcccccccc
                                                                                                                                				E7043993B( *_t20);
                                                                                                                                				 *(_t46 - 4) = 0xfffffffe;
                                                                                                                                				return E704349B5(E7043609F());
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNELBASE.DLL,7043C748,0000000C,7043610D,00000000,00000000,?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70435FF7
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70436005
                                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 7043602E
                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 7043603E
                                                                                                                                • InterlockedIncrement.KERNEL32(7043E5C0), ref: 70436060
                                                                                                                                • __lock.LIBCMT ref: 70436068
                                                                                                                                • ___addlocaleref.LIBCMT ref: 70436087
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressHandleModuleProc$IncrementInterlocked___addlocaleref__lock
                                                                                                                                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL$KERNELBASE.DLL$hCp
                                                                                                                                • API String ID: 1722640559-2759579264
                                                                                                                                • Opcode ID: 2b2763bb2114fd7701c2009730ab361cd48685aff2e71c36920e136a1e3c04aa
                                                                                                                                • Instruction ID: 86e6b1b182ee99003fb1807c86b96146601084ba195de22d06d925aec787ad08
                                                                                                                                • Opcode Fuzzy Hash: 2b2763bb2114fd7701c2009730ab361cd48685aff2e71c36920e136a1e3c04aa
                                                                                                                                • Instruction Fuzzy Hash: 3311FC71900746EED7219F76C84179EFBF0AF08318F50A52EE895B7360D778A9418F54
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 87%
                                                                                                                                			E70991057(void* __ecx, void* __edx, signed int _a4, signed char** _a8) {
                                                                                                                                				signed int _v8;
                                                                                                                                				char _v16;
                                                                                                                                				char _v20;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				signed int _t39;
                                                                                                                                				void* _t44;
                                                                                                                                				void* _t45;
                                                                                                                                				void* _t48;
                                                                                                                                				void* _t49;
                                                                                                                                				void* _t52;
                                                                                                                                				void* _t53;
                                                                                                                                				signed int _t58;
                                                                                                                                				void* _t60;
                                                                                                                                				signed int _t67;
                                                                                                                                				signed int _t69;
                                                                                                                                				void* _t72;
                                                                                                                                				void* _t78;
                                                                                                                                				signed char _t84;
                                                                                                                                				void* _t91;
                                                                                                                                				void* _t92;
                                                                                                                                				signed char* _t96;
                                                                                                                                				signed char* _t102;
                                                                                                                                				signed char* _t104;
                                                                                                                                				signed char** _t109;
                                                                                                                                				signed int _t110;
                                                                                                                                
                                                                                                                                				_t107 = __edx;
                                                                                                                                				_t39 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t39 ^ _t110;
                                                                                                                                				_t109 = _a8;
                                                                                                                                				if((_t109[3] & 0x00000040) != 0) {
                                                                                                                                					L34:
                                                                                                                                					_t34 =  &(_t109[1]);
                                                                                                                                					 *_t34 =  &(_t109[1][0xfffffffffffffffe]);
                                                                                                                                					if( *_t34 < 0) {
                                                                                                                                						_t42 = E709920BC(_t84, _t107, 0x70996174, _a4 & 0x0000ffff, _t109);
                                                                                                                                					} else {
                                                                                                                                						_t42 = _a4;
                                                                                                                                						 *( *_t109) = _a4;
                                                                                                                                						 *_t109 =  &(( *_t109)[2]);
                                                                                                                                					}
                                                                                                                                					L37:
                                                                                                                                					return E70987FB3(_t42, _t84, _v8 ^ _t110, _t107, 0x70996174, _t109);
                                                                                                                                				}
                                                                                                                                				_t44 = E70990FE7(_t84, __ecx, __edx, 0x70996174, _t109);
                                                                                                                                				_pop(_t91);
                                                                                                                                				if(_t44 == 0xffffffff) {
                                                                                                                                					L4:
                                                                                                                                					_t45 = 0x70996174;
                                                                                                                                					L5:
                                                                                                                                					_t8 = _t45 + 8; // 0x0
                                                                                                                                					if(( *_t8 & 0x00000003) == 2) {
                                                                                                                                						goto L34;
                                                                                                                                					}
                                                                                                                                					_t48 = E70990FE7(_t84, _t91, _t107, 0x70996174, _t109);
                                                                                                                                					_pop(_t92);
                                                                                                                                					if(_t48 == 0xffffffff) {
                                                                                                                                						L9:
                                                                                                                                						_t49 = 0x70996174;
                                                                                                                                						L10:
                                                                                                                                						_t11 = _t49 + 8; // 0x0
                                                                                                                                						if(( *_t11 & 0x00000003) != 1) {
                                                                                                                                							_t52 = E70990FE7(_t84, _t92, _t107, 0x70996174, _t109);
                                                                                                                                							_pop(_t93);
                                                                                                                                							if(_t52 == 0xffffffff) {
                                                                                                                                								L24:
                                                                                                                                								_t53 = 0x70996174;
                                                                                                                                								L25:
                                                                                                                                								if(( *(_t53 + 4) & 0x00000080) == 0) {
                                                                                                                                									goto L34;
                                                                                                                                								}
                                                                                                                                								if(E7099239F( &_v20,  &_v16, 5, _a4) != 0) {
                                                                                                                                									L15:
                                                                                                                                									_t42 = 0xffff;
                                                                                                                                									goto L37;
                                                                                                                                								}
                                                                                                                                								_t84 = 0;
                                                                                                                                								if(_v20 <= 0) {
                                                                                                                                									L33:
                                                                                                                                									_t42 = _a4;
                                                                                                                                									goto L37;
                                                                                                                                								} else {
                                                                                                                                									goto L28;
                                                                                                                                								}
                                                                                                                                								while(1) {
                                                                                                                                									L28:
                                                                                                                                									_t26 =  &(_t109[1]);
                                                                                                                                									 *_t26 = _t109[1] - 1;
                                                                                                                                									if( *_t26 < 0) {
                                                                                                                                										_t58 = E7098CAA5(_t84, _t93, _t107, 0x70996174,  *((char*)(_t110 + _t84 - 0xc)), _t109);
                                                                                                                                										_pop(_t93);
                                                                                                                                									} else {
                                                                                                                                										 *( *_t109) =  *((intOrPtr*)(_t110 + _t84 - 0xc));
                                                                                                                                										_t96 =  *_t109;
                                                                                                                                										_t58 =  *_t96 & 0x000000ff;
                                                                                                                                										_t93 =  &(_t96[1]);
                                                                                                                                										 *_t109 =  &(_t96[1]);
                                                                                                                                									}
                                                                                                                                									if(_t58 == 0xffffffff) {
                                                                                                                                										goto L15;
                                                                                                                                									}
                                                                                                                                									_t84 = _t84 + 1;
                                                                                                                                									if(_t84 < _v20) {
                                                                                                                                										continue;
                                                                                                                                									}
                                                                                                                                									goto L33;
                                                                                                                                								}
                                                                                                                                								goto L15;
                                                                                                                                							}
                                                                                                                                							_t60 = E70990FE7(_t84, _t93, _t107, 0x70996174, _t109);
                                                                                                                                							_pop(_t93);
                                                                                                                                							if(_t60 == 0xfffffffe) {
                                                                                                                                								goto L24;
                                                                                                                                							}
                                                                                                                                							_t84 = 0x70998d40 + (E70990FE7(_t84, _t93, _t107, 0x70996174, _t109) >> 5) * 4;
                                                                                                                                							_t53 = (E70990FE7(_t84, _t93, _t107, 0x70996174, _t109) & 0x0000001f) * 0x24 +  *_t84;
                                                                                                                                							_pop(_t93);
                                                                                                                                							goto L25;
                                                                                                                                						}
                                                                                                                                						_t12 =  &(_t109[1]);
                                                                                                                                						 *_t12 = _t109[1] - 1;
                                                                                                                                						_t84 = _a4;
                                                                                                                                						if( *_t12 < 0) {
                                                                                                                                							_t67 = E7098CAA5(_t84, _t92, _t107, 0x70996174, _t84, _t109);
                                                                                                                                							_pop(_t99);
                                                                                                                                						} else {
                                                                                                                                							 *( *_t109) = _t84;
                                                                                                                                							_t104 =  *_t109;
                                                                                                                                							_t67 =  *_t104 & 0x000000ff;
                                                                                                                                							_t99 =  &(_t104[1]);
                                                                                                                                							 *_t109 =  &(_t104[1]);
                                                                                                                                						}
                                                                                                                                						if(_t67 != 0xffffffff) {
                                                                                                                                							_t15 =  &(_t109[1]);
                                                                                                                                							 *_t15 = _t109[1] - 1;
                                                                                                                                							if( *_t15 < 0) {
                                                                                                                                								_t69 = E7098CAA5(_t84, _t99, _t107, 0x70996174, _t84, _t109);
                                                                                                                                							} else {
                                                                                                                                								 *( *_t109) = _t84;
                                                                                                                                								_t102 =  *_t109;
                                                                                                                                								_t69 =  *_t102 & 0x000000ff;
                                                                                                                                								 *_t109 =  &(_t102[1]);
                                                                                                                                							}
                                                                                                                                							if(_t69 == 0xffffffff) {
                                                                                                                                								goto L15;
                                                                                                                                							} else {
                                                                                                                                								_t42 = _t84;
                                                                                                                                								goto L37;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							goto L15;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					_t72 = E70990FE7(_t84, _t92, _t107, 0x70996174, _t109);
                                                                                                                                					_pop(_t92);
                                                                                                                                					if(_t72 == 0xfffffffe) {
                                                                                                                                						goto L9;
                                                                                                                                					}
                                                                                                                                					_t84 = 0x70998d40 + (E70990FE7(_t84, _t92, _t107, 0x70996174, _t109) >> 5) * 4;
                                                                                                                                					_t49 = (E70990FE7(_t84, _t92, _t107, 0x70996174, _t109) & 0x0000001f) * 0x24 +  *_t84;
                                                                                                                                					_pop(_t92);
                                                                                                                                					goto L10;
                                                                                                                                				}
                                                                                                                                				_t78 = E70990FE7(_t84, _t91, __edx, 0x70996174, _t109);
                                                                                                                                				_pop(_t91);
                                                                                                                                				if(_t78 == 0xfffffffe) {
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                				_t84 = 0x70998d40 + (E70990FE7(_t84, _t91, __edx, 0x70996174, _t109) >> 5) * 4;
                                                                                                                                				_t45 = (E70990FE7(_t84, _t91, _t107, 0x70996174, _t109) & 0x0000001f) * 0x24 +  *_t84;
                                                                                                                                				_pop(_t91);
                                                                                                                                				goto L5;
                                                                                                                                			}































                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __fileno$__cftof
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1302671315-0
                                                                                                                                • Opcode ID: e29cffaf946bf508847419701181d59cbe16ae0d6bf140e7971199940130885c
                                                                                                                                • Instruction ID: ce8bcbd8a14a54a518315e39f657276033f5554951d55cfd2f71dbfa046cf146
                                                                                                                                • Opcode Fuzzy Hash: e29cffaf946bf508847419701181d59cbe16ae0d6bf140e7971199940130885c
                                                                                                                                • Instruction Fuzzy Hash: D051D63213C614EEC7259B38D88595E7BACBED6224720061EF1B6CA3D0EA35E541C65F
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_realloc.ADB(00000000,?), ref: 013E364A
                                                                                                                                  • Part of subcall function 01425E20: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,00000001,01424A8E,?,?,?,00000000,?,?,?,015315ED,?,00000000), ref: 01425E3E
                                                                                                                                  • Part of subcall function 01425E20: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,?,00000000), ref: 01425E5C
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E368B
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E36EF
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E37AC
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000), ref: 013E37EF
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E381E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E387D
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E393C
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000), ref: 013E3979
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E399D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_getmemcpy$R_put_errormemset$L_reallocmalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 4103621695-2228489102
                                                                                                                                • Opcode ID: d6cb7b6054adafe0e682ed173224d63ebbbb0c72f721c091ebac5b52414286d6
                                                                                                                                • Instruction ID: f840910a84cafe257a809d69398b387b3e479b97e772eb0245d927a79a641d8c
                                                                                                                                • Opcode Fuzzy Hash: d6cb7b6054adafe0e682ed173224d63ebbbb0c72f721c091ebac5b52414286d6
                                                                                                                                • Instruction Fuzzy Hash: 3CD1D175A043159FEB10CF28D889B2AFBE5BF94348F08C62DE99957391E730E850CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_realloc.ADB(00000000,?), ref: 013E316A
                                                                                                                                  • Part of subcall function 01425E20: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,00000001,01424A8E,?,?,?,00000000,?,?,?,015315ED,?,00000000), ref: 01425E3E
                                                                                                                                  • Part of subcall function 01425E20: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,?,00000000), ref: 01425E5C
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E31AB
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E320F
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E32CC
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000), ref: 013E330F
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E333E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E339D
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E345C
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000), ref: 013E3499
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E34BD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_getmemcpy$R_put_errormemset$L_reallocmalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 4103621695-2228489102
                                                                                                                                • Opcode ID: 8e828d4000f51980412feda211359165bde02d60b4bd67c2c5e688046fde00bb
                                                                                                                                • Instruction ID: 9e0af953129c672dcfd28d251a475cbe702f4830a4b453968961dff650a96948
                                                                                                                                • Opcode Fuzzy Hash: 8e828d4000f51980412feda211359165bde02d60b4bd67c2c5e688046fde00bb
                                                                                                                                • Instruction Fuzzy Hash: 61D1E075A043159FEB11DF28D885B2AFBE5BF94348F08C62DE99967381E730E950CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_ucmp.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013E79B1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006B,external/boringssl/src/crypto/fipsmodule/bn/gcd_extra.c,000000AD), ref: 013E79CD
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/gcd_extra.c, xrefs: 013E79C2, 013E7A9D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_ucmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/gcd_extra.c
                                                                                                                                • API String ID: 957535991-1233777809
                                                                                                                                • Opcode ID: f36d1f2df6b81556e3bc78b165f6069f76045297aaa3b81f08e1b761835492ba
                                                                                                                                • Instruction ID: a5c5013b89b5fbe7f49ee1993e99ac1c83f9d84fe95fdf98dd69677e350ee22e
                                                                                                                                • Opcode Fuzzy Hash: f36d1f2df6b81556e3bc78b165f6069f76045297aaa3b81f08e1b761835492ba
                                                                                                                                • Instruction Fuzzy Hash: 3E5117B1E143654FEB219F39D889716B7E4AF91648F04872DFD496B3C2E731E9408B81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/rsa.c, xrefs: 0140B56D, 0140B5AD, 0140B5E9
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 0140B5D1
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/mul.c, xrefs: 0140B555
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/bn/mul.c$external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 0-1490748939
                                                                                                                                • Opcode ID: 8ba2bcc413f4df53ab72d1ab6b4430c41da0e265a1215161327469b785f28316
                                                                                                                                • Instruction ID: 95b369af93d4e9145607a821fd4b2315390498d6c3c274dd5e55a59977d1e2dc
                                                                                                                                • Opcode Fuzzy Hash: 8ba2bcc413f4df53ab72d1ab6b4430c41da0e265a1215161327469b785f28316
                                                                                                                                • Instruction Fuzzy Hash: 2A51B8B05443809BFB328F19DC16BD7B7E4BFA0318F444519EA481B2D1E7B78186CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 72%
                                                                                                                                			E709894B4(void* __edx) {
                                                                                                                                				signed int _v8;
                                                                                                                                				signed int _v12;
                                                                                                                                				char _v16;
                                                                                                                                				signed int _v20;
                                                                                                                                				void* _v24;
                                                                                                                                				intOrPtr _v28;
                                                                                                                                				long _v32;
                                                                                                                                				struct _MEMORY_BASIC_INFORMATION _v60;
                                                                                                                                				struct _SYSTEM_INFO _v96;
                                                                                                                                				void* _v108;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				signed int _t40;
                                                                                                                                				void* _t43;
                                                                                                                                				void* _t44;
                                                                                                                                				void* _t48;
                                                                                                                                				signed int _t54;
                                                                                                                                				struct HINSTANCE__* _t62;
                                                                                                                                				_Unknown_base(*)()* _t63;
                                                                                                                                				long _t65;
                                                                                                                                				intOrPtr _t67;
                                                                                                                                				void* _t68;
                                                                                                                                				long _t73;
                                                                                                                                				void* _t78;
                                                                                                                                				signed int _t83;
                                                                                                                                				void* _t84;
                                                                                                                                
                                                                                                                                				_t72 = __edx;
                                                                                                                                				_t40 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t40 ^ _t83;
                                                                                                                                				_t78 = 0;
                                                                                                                                				_v16 = 0;
                                                                                                                                				_t43 = E70989A70( &_v16);
                                                                                                                                				_pop(_t68);
                                                                                                                                				if(_t43 != 0) {
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					E7098C94B(_t67, _t68, __edx, _t73, 0);
                                                                                                                                					_t84 = _t84 + 0x14;
                                                                                                                                				}
                                                                                                                                				_t44 = 4;
                                                                                                                                				E7098EB80(_t44);
                                                                                                                                				_v24 = _t84;
                                                                                                                                				if(VirtualQuery(_v24,  &_v60, 0x1c) == 0) {
                                                                                                                                					L21:
                                                                                                                                					_t48 = 0;
                                                                                                                                					L22:
                                                                                                                                					return E70987FB3(_t48, _t67, _v8 ^ _t83, _t72, _t73, _t78);
                                                                                                                                				}
                                                                                                                                				_v28 = _v60.AllocationBase;
                                                                                                                                				GetSystemInfo( &_v96);
                                                                                                                                				_t67 = _v96.dwPageSize;
                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                				_t73 = ( ~(_v16 - 1) & 0x00000103) + 1;
                                                                                                                                				_v12 = _t78;
                                                                                                                                				if(_v16 != 2) {
                                                                                                                                					L10:
                                                                                                                                					_t78 = _t67 - 1;
                                                                                                                                					if(E70989488(_v12, _t78,  &_v12) < 0) {
                                                                                                                                						goto L21;
                                                                                                                                					}
                                                                                                                                					_t78 =  !_t78;
                                                                                                                                					_t23 =  &_v12;
                                                                                                                                					 *_t23 = _v12 & _t78;
                                                                                                                                					if( *_t23 == 0 || E70989488(_v12, _t67,  &_v12) >= 0) {
                                                                                                                                						_t54 = _t67 + _t67;
                                                                                                                                						if(_v12 < _t54) {
                                                                                                                                							_v12 = _t54;
                                                                                                                                						}
                                                                                                                                						_t78 = ( !(_t67 - 1) & _v24) - _v12;
                                                                                                                                						if(_v16 == 1) {
                                                                                                                                							_t67 = 0x11;
                                                                                                                                						}
                                                                                                                                						if(_t78 < _t67 || VirtualAlloc(_t78, _v12, 0x1000, 4) == 0 || VirtualProtect(_t78, _v12, _t73,  &_v32) == 0) {
                                                                                                                                							goto L21;
                                                                                                                                						} else {
                                                                                                                                							_t48 = 1;
                                                                                                                                							goto L22;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						goto L21;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				_v20 = _t78;
                                                                                                                                				_t62 = GetModuleHandleW(L"kernelbase.dll");
                                                                                                                                				if(_t62 != 0) {
                                                                                                                                					L6:
                                                                                                                                					_t63 = GetProcAddress(_t62, "SetThreadStackGuarantee");
                                                                                                                                					if(_t63 != 0) {
                                                                                                                                						_v20 = _v20 & 0x00000000;
                                                                                                                                						_push( &_v20);
                                                                                                                                						if( *_t63() == 1) {
                                                                                                                                							_t65 = _v20;
                                                                                                                                							if(_t65 > 0) {
                                                                                                                                								_v12 = _t65;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L10;
                                                                                                                                				}
                                                                                                                                				_t62 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                				if(_t62 == 0) {
                                                                                                                                					goto L10;
                                                                                                                                				}
                                                                                                                                				goto L6;
                                                                                                                                			}

                                                                                                                                APIs
                                                                                                                                • __get_wpgmptr.LIBCMT ref: 709894D2
                                                                                                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 709894FD
                                                                                                                                • GetSystemInfo.KERNEL32(?), ref: 70989515
                                                                                                                                • GetModuleHandleW.KERNEL32(kernelbase.dll), ref: 70989544
                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 7098954F
                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 7098955B
                                                                                                                                • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 709895E3
                                                                                                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 709895F6
                                                                                                                                  • Part of subcall function 7098C94B: OutputDebugStringA.KERNEL32(Invalid parameter passed to C runtime function.), ref: 7098C9DF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Virtual$HandleModule$AddressAllocDebugInfoOutputProcProtectQueryStringSystem__get_wpgmptr
                                                                                                                                • String ID: SetThreadStackGuarantee$kernel32.dll$kernelbase.dll
                                                                                                                                • API String ID: 2360367170-621517
                                                                                                                                • Opcode ID: e8d8e3eda6b306c048b1b4911fe5b4b6b4795f92cd5daf691c059afbb2ea5b21
                                                                                                                                • Instruction ID: 78b5451f29b4610263a99d8568a40da1ae78cd40652d533109220c1cfa889f8e
                                                                                                                                • Opcode Fuzzy Hash: e8d8e3eda6b306c048b1b4911fe5b4b6b4795f92cd5daf691c059afbb2ea5b21
                                                                                                                                • Instruction Fuzzy Hash: A5412E72E00219ABDB01DFA5CD85BDEBBBCAF44254F140065E907F6394E734AA45CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140B131
                                                                                                                                • OPENSSL_malloc.ADB(-00000007), ref: 0140B182
                                                                                                                                • RSA_verify_raw.ADB(?,?,00000000,-00000007,?,?,00000001), ref: 0140B1A6
                                                                                                                                • RSA_add_pkcs1_prefix.ADB(?,?,?,?,?,?), ref: 0140B1CA
                                                                                                                                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 0140B1EF
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000069,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000263), ref: 0140B20B
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140B216
                                                                                                                                • OPENSSL_free.ADB ref: 0140B228
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000090,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000240), ref: 0140B242
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$A_add_pkcs1_prefixA_verify_rawL_mallocN_num_bitsmemcmp
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c$r
                                                                                                                                • API String ID: 1000397316-3628701148
                                                                                                                                • Opcode ID: e1af59381dbd99f8f7d37297525b8ff8882cd169968844ee27ac2a5998186992
                                                                                                                                • Instruction ID: e82b445c839352c42cc0e73a246353d4477f84ab43cb75a76188369792ce2aa6
                                                                                                                                • Opcode Fuzzy Hash: e1af59381dbd99f8f7d37297525b8ff8882cd169968844ee27ac2a5998186992
                                                                                                                                • Instruction Fuzzy Hash: 733167B56403017BF6116626CC4AF2B3A98EFA0744F44843EFA4D5A3E1E671D442C256
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E70989E4A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                                				intOrPtr _t27;
                                                                                                                                				intOrPtr _t31;
                                                                                                                                				void* _t36;
                                                                                                                                				void* _t39;
                                                                                                                                				intOrPtr _t45;
                                                                                                                                				void* _t46;
                                                                                                                                
                                                                                                                                				_t35 = __ebx;
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x70993938);
                                                                                                                                				E70988D28(__ebx, __edi, __esi);
                                                                                                                                				_t23 = GetModuleHandleW(L"KERNELBASE.DLL");
                                                                                                                                				 *(_t46 - 0x1c) = _t23;
                                                                                                                                				if(_t23 == 0) {
                                                                                                                                					 *(_t46 - 0x1c) = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                				}
                                                                                                                                				_t45 =  *((intOrPtr*)(_t46 + 8));
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x5c)) = 0x709960e0;
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x14)) = 1;
                                                                                                                                				if( *(_t46 - 0x1c) != 0) {
                                                                                                                                					_t35 = GetProcAddress;
                                                                                                                                					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress( *(_t46 - 0x1c), "EncodePointer");
                                                                                                                                					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
                                                                                                                                				}
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x70)) = 1;
                                                                                                                                				 *((char*)(_t45 + 0xc8)) = 0x43;
                                                                                                                                				 *((char*)(_t45 + 0x14b)) = 0x43;
                                                                                                                                				 *(_t45 + 0x68) = 0x709961c0;
                                                                                                                                				InterlockedIncrement(0x709961c0);
                                                                                                                                				E7098DA52(_t35, _t36, _t39, 1, 0xc);
                                                                                                                                				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                                                                                                                                				_t27 =  *((intOrPtr*)(_t46 + 0xc));
                                                                                                                                				 *((intOrPtr*)(_t45 + 0x6c)) = _t27;
                                                                                                                                				if(_t27 == 0) {
                                                                                                                                					_t31 =  *0x709967c8; // 0x709966f0
                                                                                                                                					 *((intOrPtr*)(_t45 + 0x6c)) = _t31;
                                                                                                                                				}
                                                                                                                                				_t20 = _t45 + 0x6c; // 0x80ec8b55
                                                                                                                                				E7098C69C( *_t20);
                                                                                                                                				 *(_t46 - 4) = 0xfffffffe;
                                                                                                                                				return E70988D6D(E70989F09());
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNELBASE.DLL,70993938,0000000C,70989F77,00000000,00000000,?,70986DBD,?), ref: 70989E61
                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,70986DBD,?), ref: 70989E6F
                                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 70989E98
                                                                                                                                • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 70989EA8
                                                                                                                                • InterlockedIncrement.KERNEL32(709961C0), ref: 70989ECA
                                                                                                                                • __lock.LIBCMT ref: 70989ED2
                                                                                                                                • ___addlocaleref.LIBCMT ref: 70989EF1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressHandleModuleProc$IncrementInterlocked___addlocaleref__lock
                                                                                                                                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL$KERNELBASE.DLL
                                                                                                                                • API String ID: 1722640559-1441178087
                                                                                                                                • Opcode ID: 9af01fa8dca17ab6eba9b93b0aa371705d0914e6af6dcaf5ecc58d838f285b60
                                                                                                                                • Instruction ID: 9ee008d5adcf9ff440a6059e40e114b11af8c81737fac1f9193f86d15b6c58ad
                                                                                                                                • Opcode Fuzzy Hash: 9af01fa8dca17ab6eba9b93b0aa371705d0914e6af6dcaf5ecc58d838f285b60
                                                                                                                                • Instruction Fuzzy Hash: 85113AB1904705DED7219F66CC40B5EBBF8AF44218F14852AE896A73E0D778A940CF56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 47%
                                                                                                                                			E70433371(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				void* _t41;
                                                                                                                                				intOrPtr _t44;
                                                                                                                                				intOrPtr _t46;
                                                                                                                                				signed int _t48;
                                                                                                                                				intOrPtr* _t51;
                                                                                                                                				struct _CRITICAL_SECTION* _t67;
                                                                                                                                				intOrPtr* _t70;
                                                                                                                                				intOrPtr _t71;
                                                                                                                                				void* _t72;
                                                                                                                                
                                                                                                                                				_push(0x1c);
                                                                                                                                				E704347D4(E7043C26E, __ebx, __edi, __esi);
                                                                                                                                				_t70 = __ecx;
                                                                                                                                				_t67 = __ecx + 0x18;
                                                                                                                                				EnterCriticalSection(_t67);
                                                                                                                                				_push(_t67);
                                                                                                                                				if( *((intOrPtr*)(_t70 + 0x30)) == 0) {
                                                                                                                                					 *((intOrPtr*)(_t70 + 0x34)) =  *((intOrPtr*)(_t70 + 0x34)) + 1;
                                                                                                                                					LeaveCriticalSection(??);
                                                                                                                                					 *((intOrPtr*)(_t72 - 0x14)) = _t70;
                                                                                                                                					_push( *((intOrPtr*)(_t72 + 0x18)));
                                                                                                                                					 *((intOrPtr*)(_t72 - 4)) = 0;
                                                                                                                                					if( *((intOrPtr*)( *_t70 + 0x38))() != 0) {
                                                                                                                                						asm("stosd");
                                                                                                                                						asm("stosd");
                                                                                                                                						asm("stosd");
                                                                                                                                						asm("stosd");
                                                                                                                                						asm("stosd");
                                                                                                                                						_t41 = CreateEventW(0, 1, 0, 0);
                                                                                                                                						_push(_t72 - 0x28);
                                                                                                                                						_push(_t72 - 0x10);
                                                                                                                                						_push( *((intOrPtr*)(_t72 + 0x10)));
                                                                                                                                						 *(_t72 - 0x18) = _t41;
                                                                                                                                						_push( *((intOrPtr*)(_t72 + 0xc)));
                                                                                                                                						 *((char*)(_t72 + 8)) =  *((intOrPtr*)(_t70 + 0x14));
                                                                                                                                						_push( *((intOrPtr*)(_t72 + 8)));
                                                                                                                                						 *((intOrPtr*)(_t72 - 0x10)) = 0;
                                                                                                                                						_t44 =  *((intOrPtr*)( *((intOrPtr*)(_t70 + 0x10)) + 0x48));
                                                                                                                                						_push(_t44);
                                                                                                                                						if( *((intOrPtr*)(_t72 + 8)) == 0) {
                                                                                                                                							L7043C0D0();
                                                                                                                                						} else {
                                                                                                                                							L7043C0DC();
                                                                                                                                						}
                                                                                                                                						if(_t44 != 0 || GetLastError() == 0x3e5) {
                                                                                                                                							_t46 =  *((intOrPtr*)( *((intOrPtr*)(_t70 + 0x10)) + 0x48));
                                                                                                                                							_push(1);
                                                                                                                                							_push(_t72 - 0x10);
                                                                                                                                							_push(_t72 - 0x28);
                                                                                                                                							_push(_t46);
                                                                                                                                							L7043C10C();
                                                                                                                                							_t71 = _t46;
                                                                                                                                							if(_t71 != 0) {
                                                                                                                                								_t51 =  *((intOrPtr*)(_t72 + 0x14));
                                                                                                                                								if(_t51 != 0) {
                                                                                                                                									 *_t51 =  *((intOrPtr*)(_t72 - 0x10));
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							if( *(_t72 - 0x18) != 0) {
                                                                                                                                								CloseHandle( *(_t72 - 0x18));
                                                                                                                                							}
                                                                                                                                							_t48 = E70433250(_t72 - 0x14) & 0xffffff00 | _t71 != 0x00000000;
                                                                                                                                							goto L18;
                                                                                                                                						} else {
                                                                                                                                							if( *(_t72 - 0x18) != 0) {
                                                                                                                                								CloseHandle( *(_t72 - 0x18));
                                                                                                                                							}
                                                                                                                                							goto L4;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					L4:
                                                                                                                                					E70433250(_t72 - 0x14);
                                                                                                                                					goto L2;
                                                                                                                                				} else {
                                                                                                                                					LeaveCriticalSection();
                                                                                                                                					SetLastError(0x2a4);
                                                                                                                                					L2:
                                                                                                                                					_t48 = 0;
                                                                                                                                					L18:
                                                                                                                                					return E70434885(_t48);
                                                                                                                                				}
                                                                                                                                			}













                                                                                                                                APIs
                                                                                                                                • __EH_prolog3.LIBCMT ref: 70433378
                                                                                                                                • EnterCriticalSection.KERNEL32(?,0000001C), ref: 70433383
                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 70433391
                                                                                                                                • SetLastError.KERNEL32(000002A4), ref: 7043339C
                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 704333AC
                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 704333DF
                                                                                                                                • WinUsb_ReadPipe.WINUSB(?,?,?,?,?,?), ref: 7043340E
                                                                                                                                • WinUsb_WritePipe.WINUSB(?,?,?,?,?,?), ref: 70433415
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 7043341E
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 70433433
                                                                                                                                • WinUsb_GetOverlappedResult.WINUSB(?,?,?,00000001,?,?,?,?,?,?), ref: 7043344C
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00000001,?,?,?,?,?,?), ref: 7043346B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSectionUsb_$CloseErrorHandleLastLeavePipe$CreateEnterEventH_prolog3OverlappedReadResultWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3399174664-0
                                                                                                                                • Opcode ID: 579b7eca6da29ea5d7c2b4c75f82709cf65ee41fb9c2a4af1a1ba4c1f24f8f62
                                                                                                                                • Instruction ID: 4e3e3b4e00b1202fad62b196a845282cc5163571b1638b53ba70a0762f4ba89a
                                                                                                                                • Opcode Fuzzy Hash: 579b7eca6da29ea5d7c2b4c75f82709cf65ee41fb9c2a4af1a1ba4c1f24f8f62
                                                                                                                                • Instruction Fuzzy Hash: 41316D32800245EFDF129FA4C8859EEFB75BF1C701F90642DE652B7260DB74A944DB62
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 013EB8D0: ERR_put_error.ADB(00000003,00000000,00000069,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000000A5), ref: 013EB983
                                                                                                                                • OPENSSL_malloc.ADB(00000018,00000000,?,?), ref: 013EB6AD
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • BN_div.ADB(00000000,?,?,00000000,?,?,?,00000000,?,?), ref: 013EB751
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0,?,?,?,?,?,?,?,00000000,?,?), ref: 013EB810
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F,?,00000000,?,?), ref: 013EB83B
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?,00000000,?,?), ref: 013EB89D
                                                                                                                                  • Part of subcall function 01424610: OPENSSL_free.ADB(?,?,?,?,?,013E158A,?,014125E0,?), ref: 0142464D
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,00000000,?,?), ref: 013EB8A8
                                                                                                                                • OPENSSL_free.ADB(00000000,?,?,?,?,00000000,?,?), ref: 013EB8B1
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013EB830
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013EB805
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$L_mallocN_divmallocsk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 1788305715-3640079272
                                                                                                                                • Opcode ID: 64e048999f93ee6f38b78f5a0fcc5c4b7733ab3be965b6591b3fd03f49b3753d
                                                                                                                                • Instruction ID: 57a0b2ed428b097f35c98ad8683841299b75abc3eb315e666d8af5d827057ae1
                                                                                                                                • Opcode Fuzzy Hash: 64e048999f93ee6f38b78f5a0fcc5c4b7733ab3be965b6591b3fd03f49b3753d
                                                                                                                                • Instruction Fuzzy Hash: 7D515A759003189FE322AF28DC59B26FBE4AFA434CF04862CEA59A73D5E771E505C781
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC887
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000374), ref: 013FC8B1
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC8D1
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013FC8EE
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,000000CC), ref: 013FCAA2
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013FCAC2
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FCACD
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FCAD6
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC898, 013FC8A6
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013FCA85
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeP_cmp$L_mallocR_put_errormemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 4285960366-4021196227
                                                                                                                                • Opcode ID: e78be7198dea31e9b924d865467ac7163fdea325a35c876ac8867e316e9f06d5
                                                                                                                                • Instruction ID: ee8c38f66ac956bc51accdd508af8f1ae9b088bf32350af30d8a156580b7cc43
                                                                                                                                • Opcode Fuzzy Hash: e78be7198dea31e9b924d865467ac7163fdea325a35c876ac8867e316e9f06d5
                                                                                                                                • Instruction Fuzzy Hash: 1061C470944385ABFB268F18DC02FE677B8BFD031CF044518EA485B251E77296968BD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018,?), ref: 013EDCAC
                                                                                                                                • OPENSSL_realloc.ADB(00000000,00000080), ref: 013EDCEA
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013EDD11
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocL_realloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 2647832653-589256770
                                                                                                                                • Opcode ID: 2c13b16cd033328e57f31f93610957fbe6fcff03709a3369a423d83e2e537e9e
                                                                                                                                • Instruction ID: f3ceb12fe2cbbb5e6851f3e31e0b4bee6295e4220943edf193e92e504e8b1a0f
                                                                                                                                • Opcode Fuzzy Hash: 2c13b16cd033328e57f31f93610957fbe6fcff03709a3369a423d83e2e537e9e
                                                                                                                                • Instruction Fuzzy Hash: 0941C7B15043519FEB219F69D848B5BBBE4AF9070CF04482CE988572E1E3B6E549CB93
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E709916DD(int _a4, int _a8, char* _a12, intOrPtr* _a16, char* _a20, int _a24) {
                                                                                                                                				signed int _v8;
                                                                                                                                				struct _cpinfo _v28;
                                                                                                                                				int _v32;
                                                                                                                                				int _v36;
                                                                                                                                				int _v40;
                                                                                                                                				char* _v44;
                                                                                                                                				int _v48;
                                                                                                                                				int* _v52;
                                                                                                                                				char* _v56;
                                                                                                                                				void* _v68;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t56;
                                                                                                                                				intOrPtr* _t59;
                                                                                                                                				int _t61;
                                                                                                                                				int _t62;
                                                                                                                                				int _t64;
                                                                                                                                				char* _t70;
                                                                                                                                				int _t71;
                                                                                                                                				int _t76;
                                                                                                                                				char* _t80;
                                                                                                                                				char* _t92;
                                                                                                                                				char* _t93;
                                                                                                                                				int _t94;
                                                                                                                                				signed int _t96;
                                                                                                                                				int _t97;
                                                                                                                                				int _t108;
                                                                                                                                
                                                                                                                                				_t56 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t56 ^ _t96;
                                                                                                                                				_v44 = _a12;
                                                                                                                                				_t59 = _a16;
                                                                                                                                				_v52 = _t59;
                                                                                                                                				_v40 =  *_t59;
                                                                                                                                				_t61 = _a4;
                                                                                                                                				_v56 = _a20;
                                                                                                                                				_v36 = 0;
                                                                                                                                				_v48 = 0;
                                                                                                                                				if(_t61 == _a8) {
                                                                                                                                					L35:
                                                                                                                                					_t62 = _v36;
                                                                                                                                					L36:
                                                                                                                                					return E70987FB3(_t62, 0, _v8 ^ _t96, _t92, _t93, _t94);
                                                                                                                                				}
                                                                                                                                				_t86 =  &_v28;
                                                                                                                                				_t64 = GetCPInfo(_t61,  &_v28);
                                                                                                                                				_t93 = MultiByteToWideChar;
                                                                                                                                				if(_t64 == 0 || _v28 != 1 || GetCPInfo(_a8,  &_v28) == 0 || _v28 != 1) {
                                                                                                                                					_t94 = MultiByteToWideChar(_a4, 1, _v44, _v40, 0, 0);
                                                                                                                                					__eflags = _t94;
                                                                                                                                					if(_t94 != 0) {
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                					goto L16;
                                                                                                                                				} else {
                                                                                                                                					_t94 = _v40;
                                                                                                                                					_v48 = 1;
                                                                                                                                					if(_t94 != 0xffffffff) {
                                                                                                                                						L9:
                                                                                                                                						_t108 = _t94;
                                                                                                                                						L10:
                                                                                                                                						if(_t108 <= 0 || _t94 > 0x7ffffff0) {
                                                                                                                                							_v32 = 0;
                                                                                                                                							goto L22;
                                                                                                                                						} else {
                                                                                                                                							_t24 = _t94 + 8; // 0x7098fa0f
                                                                                                                                							_t75 = _t94 + _t24;
                                                                                                                                							if(_t94 + _t24 > 0x400) {
                                                                                                                                								_t76 = E70988B9E(0, _t93, _t75);
                                                                                                                                								_pop(_t86);
                                                                                                                                								__eflags = _t76;
                                                                                                                                								if(_t76 == 0) {
                                                                                                                                									L20:
                                                                                                                                									_v32 = _t76;
                                                                                                                                									L22:
                                                                                                                                									if(_v32 == 0) {
                                                                                                                                										L16:
                                                                                                                                										_t62 = 0;
                                                                                                                                										goto L36;
                                                                                                                                									}
                                                                                                                                									E70989080(_t93, _v32, 0, _t94 + _t94);
                                                                                                                                									if(MultiByteToWideChar(_a4, 1, _v44, _v40, _v32, _t94) == 0) {
                                                                                                                                										L34:
                                                                                                                                										E7098F2EF(_v32);
                                                                                                                                										goto L35;
                                                                                                                                									}
                                                                                                                                									_t93 = _v56;
                                                                                                                                									if(_t93 == 0) {
                                                                                                                                										_t93 = WideCharToMultiByte;
                                                                                                                                										__eflags = _v48;
                                                                                                                                										if(__eflags != 0) {
                                                                                                                                											L29:
                                                                                                                                											_t70 = E70989222(_t86, _t94, __eflags, 1, _t94);
                                                                                                                                											_v36 = _t70;
                                                                                                                                											__eflags = _t70;
                                                                                                                                											if(_t70 != 0) {
                                                                                                                                												_t71 = WideCharToMultiByte(_a8, 0, _v32, _t94, _t70, _t94, 0, 0);
                                                                                                                                												__eflags = _t71;
                                                                                                                                												if(__eflags != 0) {
                                                                                                                                													__eflags = _v40 - 0xffffffff;
                                                                                                                                													if(_v40 != 0xffffffff) {
                                                                                                                                														 *_v52 = _t71;
                                                                                                                                													}
                                                                                                                                												} else {
                                                                                                                                													_push(_v36);
                                                                                                                                													E70988AB7(0, _t93, _t94, __eflags);
                                                                                                                                													_v36 = 0;
                                                                                                                                												}
                                                                                                                                											}
                                                                                                                                											goto L34;
                                                                                                                                										}
                                                                                                                                										_t94 = WideCharToMultiByte(_a8, 0, _v32, _t94, 0, 0, 0, 0);
                                                                                                                                										__eflags = _t94;
                                                                                                                                										if(__eflags == 0) {
                                                                                                                                											goto L34;
                                                                                                                                										}
                                                                                                                                										goto L29;
                                                                                                                                									}
                                                                                                                                									if(WideCharToMultiByte(_a8, 0, _v32, _t94, _t93, _a24, 0, 0) != 0) {
                                                                                                                                										_v36 = _t93;
                                                                                                                                									}
                                                                                                                                									goto L34;
                                                                                                                                								}
                                                                                                                                								 *_t76 = 0xdddd;
                                                                                                                                								L19:
                                                                                                                                								_t76 = _t76 + 8;
                                                                                                                                								goto L20;
                                                                                                                                							}
                                                                                                                                							E70989680(_t75);
                                                                                                                                							_t76 = _t97;
                                                                                                                                							if(_t76 == 0) {
                                                                                                                                								goto L20;
                                                                                                                                							} else {
                                                                                                                                								 *_t76 = 0xcccc;
                                                                                                                                								goto L19;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						_t80 = _v44;
                                                                                                                                						_t92 =  &(_t80[1]);
                                                                                                                                						goto L7;
                                                                                                                                						L7:
                                                                                                                                						_t86 =  *_t80;
                                                                                                                                						_t80 =  &(_t80[1]);
                                                                                                                                						if(_t86 != 0) {
                                                                                                                                							goto L7;
                                                                                                                                						} else {
                                                                                                                                							_t94 = _t80 - _t92 + 1;
                                                                                                                                							goto L9;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}

































                                                                                                                                APIs
                                                                                                                                • GetCPInfo.KERNEL32(?,00000000,?,00000000,00000000,00000001,?,?,?,7098FA07,00000001,?,00000000,?,?,?), ref: 70991728
                                                                                                                                • GetCPInfo.KERNEL32(?,00000001,?,7098FA07,00000001,?), ref: 70991741
                                                                                                                                • __alloca_probe_16.LIBCMT ref: 70991785
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,7098FA07,00000000,00000000,?,7098FA07,00000001,?,00000000,?,?,?,?,00000000), ref: 709917A5
                                                                                                                                • _malloc.LIBCMT ref: 709917B5
                                                                                                                                • _memset.LIBCMT ref: 709917DD
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,7098FA07,?,00000000,?,?,?,?,?,?,?,7098FA07,00000001,?), ref: 709917F4
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,7098FA07), ref: 7099180F
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,7098FA07), ref: 70991835
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,7098FA07), ref: 7099185A
                                                                                                                                • __freea.LIBCMT ref: 7099187C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$Info$__alloca_probe_16__freea_malloc_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 297865700-0
                                                                                                                                • Opcode ID: 4aa1da8d28a032ae45f8ccb74847e9b797a7eca6a6ee233e0b8ed9e147facecb
                                                                                                                                • Instruction ID: 718a8de78180013cb052fe54214f629f0a3c97634fde69930ec64ee308342074
                                                                                                                                • Opcode Fuzzy Hash: 4aa1da8d28a032ae45f8ccb74847e9b797a7eca6a6ee233e0b8ed9e147facecb
                                                                                                                                • Instruction Fuzzy Hash: 23514A72D1011AEFDF019F95CD809EEBBBEFB88364B104129E516A7390D7319C41DB66
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140B2A7
                                                                                                                                • OPENSSL_malloc.ADB(-00000007), ref: 0140B2BB
                                                                                                                                • RSA_verify_raw.ADB(?,?,00000000,-00000007,?,?,00000003), ref: 0140B2D9
                                                                                                                                • RSA_verify_PKCS1_PSS_mgf1.ADB(?,?,?,?,00000000,?), ref: 0140B317
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000007D,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000275), ref: 0140B333
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140B342
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000044,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,00000286), ref: 0140B366
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140B36F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_num_bitsR_put_error$A_verify_A_verify_rawL_freeL_mallocS_mgf1
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 1631751739-3754478375
                                                                                                                                • Opcode ID: 2312ea7302cd9e0c85104c748180241756b667b1d557917beccc642ad8aface8
                                                                                                                                • Instruction ID: 550a9d6949f77e9d8cb80b6afc268319196a2bb05286809162a58c3d3a558c00
                                                                                                                                • Opcode Fuzzy Hash: 2312ea7302cd9e0c85104c748180241756b667b1d557917beccc642ad8aface8
                                                                                                                                • Instruction Fuzzy Hash: 1D3126B5B44301BBE711BA269C06F1F37E8EF90644F444039FE4D9B3E1E6B1D9018666
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000004), ref: 013E6CAA
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E6CBA
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,0000016D), ref: 013E6CF4
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000044,external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c,000004D7), ref: 013E6D0C
                                                                                                                                • BN_mod_exp_mont.ADB(?,?,?,?,?,?), ref: 013E6D43
                                                                                                                                • OPENSSL_free.ADB ref: 013E6D58
                                                                                                                                • OPENSSL_free.ADB ref: 013E6D74
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c, xrefs: 013E6D01
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E6CE9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$R_put_error$L_mallocN_mod_exp_mont
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c
                                                                                                                                • API String ID: 702607669-79529261
                                                                                                                                • Opcode ID: 7336edae9011bcf039174625b53906f74d7f3d0181aadeae56e9844651fccb83
                                                                                                                                • Instruction ID: 98a3adc8e3d3aea34f4288ca9a66c7a80dfaee8033be6d4676c49eb96726cc58
                                                                                                                                • Opcode Fuzzy Hash: 7336edae9011bcf039174625b53906f74d7f3d0181aadeae56e9844651fccb83
                                                                                                                                • Instruction Fuzzy Hash: 6E31C1F1A00325ABEB109F19CC0AB6B77E8AFA0718F448019FD449B281E771E85187D2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E7043BA9E(int _a4, int _a8, char* _a12, intOrPtr* _a16, char* _a20, int _a24) {
                                                                                                                                				signed int _v8;
                                                                                                                                				struct _cpinfo _v28;
                                                                                                                                				int _v32;
                                                                                                                                				int _v36;
                                                                                                                                				int _v40;
                                                                                                                                				char* _v44;
                                                                                                                                				int _v48;
                                                                                                                                				int* _v52;
                                                                                                                                				char* _v56;
                                                                                                                                				void* _v68;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t56;
                                                                                                                                				intOrPtr* _t59;
                                                                                                                                				int _t61;
                                                                                                                                				int _t62;
                                                                                                                                				int _t64;
                                                                                                                                				char* _t70;
                                                                                                                                				int _t71;
                                                                                                                                				int _t76;
                                                                                                                                				char* _t80;
                                                                                                                                				char* _t92;
                                                                                                                                				char* _t93;
                                                                                                                                				int _t94;
                                                                                                                                				signed int _t96;
                                                                                                                                				int _t97;
                                                                                                                                				int _t108;
                                                                                                                                
                                                                                                                                				_t56 =  *0x7043e060; // 0x4d88bf16
                                                                                                                                				_v8 = _t56 ^ _t96;
                                                                                                                                				_v44 = _a12;
                                                                                                                                				_t59 = _a16;
                                                                                                                                				_v52 = _t59;
                                                                                                                                				_v40 =  *_t59;
                                                                                                                                				_t61 = _a4;
                                                                                                                                				_v56 = _a20;
                                                                                                                                				_v36 = 0;
                                                                                                                                				_v48 = 0;
                                                                                                                                				if(_t61 == _a8) {
                                                                                                                                					L35:
                                                                                                                                					_t62 = _v36;
                                                                                                                                					L36:
                                                                                                                                					return E704347BF(_t62, 0, _v8 ^ _t96, _t92, _t93, _t94);
                                                                                                                                				}
                                                                                                                                				_t86 =  &_v28;
                                                                                                                                				_t64 = GetCPInfo(_t61,  &_v28);
                                                                                                                                				_t93 = MultiByteToWideChar;
                                                                                                                                				if(_t64 == 0 || _v28 != 1 || GetCPInfo(_a8,  &_v28) == 0 || _v28 != 1) {
                                                                                                                                					_t94 = MultiByteToWideChar(_a4, 1, _v44, _v40, 0, 0);
                                                                                                                                					__eflags = _t94;
                                                                                                                                					if(_t94 != 0) {
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                					goto L16;
                                                                                                                                				} else {
                                                                                                                                					_t94 = _v40;
                                                                                                                                					_v48 = 1;
                                                                                                                                					if(_t94 != 0xffffffff) {
                                                                                                                                						L9:
                                                                                                                                						_t108 = _t94;
                                                                                                                                						L10:
                                                                                                                                						if(_t108 <= 0 || _t94 > 0x7ffffff0) {
                                                                                                                                							_v32 = 0;
                                                                                                                                							goto L22;
                                                                                                                                						} else {
                                                                                                                                							_t24 = _t94 + 8; // 0x7043b352
                                                                                                                                							_t75 = _t94 + _t24;
                                                                                                                                							if(_t94 + _t24 > 0x400) {
                                                                                                                                								_t76 = E70435133(0, _t93, _t75);
                                                                                                                                								_pop(_t86);
                                                                                                                                								__eflags = _t76;
                                                                                                                                								if(_t76 == 0) {
                                                                                                                                									L20:
                                                                                                                                									_v32 = _t76;
                                                                                                                                									L22:
                                                                                                                                									if(_v32 == 0) {
                                                                                                                                										L16:
                                                                                                                                										_t62 = 0;
                                                                                                                                										goto L36;
                                                                                                                                									}
                                                                                                                                									E70435060(_t93, _v32, 0, _t94 + _t94);
                                                                                                                                									if(MultiByteToWideChar(_a4, 1, _v44, _v40, _v32, _t94) == 0) {
                                                                                                                                										L34:
                                                                                                                                										E7043B0EA(_v32);
                                                                                                                                										goto L35;
                                                                                                                                									}
                                                                                                                                									_t93 = _v56;
                                                                                                                                									if(_t93 == 0) {
                                                                                                                                										_t93 = WideCharToMultiByte;
                                                                                                                                										__eflags = _v48;
                                                                                                                                										if(__eflags != 0) {
                                                                                                                                											L29:
                                                                                                                                											_t70 = E704353B8(_t86, _t94, __eflags, 1, _t94);
                                                                                                                                											_v36 = _t70;
                                                                                                                                											__eflags = _t70;
                                                                                                                                											if(_t70 != 0) {
                                                                                                                                												_t71 = WideCharToMultiByte(_a8, 0, _v32, _t94, _t70, _t94, 0, 0);
                                                                                                                                												__eflags = _t71;
                                                                                                                                												if(__eflags != 0) {
                                                                                                                                													__eflags = _v40 - 0xffffffff;
                                                                                                                                													if(_v40 != 0xffffffff) {
                                                                                                                                														 *_v52 = _t71;
                                                                                                                                													}
                                                                                                                                												} else {
                                                                                                                                													_push(_v36);
                                                                                                                                													E70435202(0, _t93, _t94, __eflags);
                                                                                                                                													_v36 = 0;
                                                                                                                                												}
                                                                                                                                											}
                                                                                                                                											goto L34;
                                                                                                                                										}
                                                                                                                                										_t94 = WideCharToMultiByte(_a8, 0, _v32, _t94, 0, 0, 0, 0);
                                                                                                                                										__eflags = _t94;
                                                                                                                                										if(__eflags == 0) {
                                                                                                                                											goto L34;
                                                                                                                                										}
                                                                                                                                										goto L29;
                                                                                                                                									}
                                                                                                                                									if(WideCharToMultiByte(_a8, 0, _v32, _t94, _t93, _a24, 0, 0) != 0) {
                                                                                                                                										_v36 = _t93;
                                                                                                                                									}
                                                                                                                                									goto L34;
                                                                                                                                								}
                                                                                                                                								 *_t76 = 0xdddd;
                                                                                                                                								L19:
                                                                                                                                								_t76 = _t76 + 8;
                                                                                                                                								goto L20;
                                                                                                                                							}
                                                                                                                                							E70435810(_t75);
                                                                                                                                							_t76 = _t97;
                                                                                                                                							if(_t76 == 0) {
                                                                                                                                								goto L20;
                                                                                                                                							} else {
                                                                                                                                								 *_t76 = 0xcccc;
                                                                                                                                								goto L19;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						_t80 = _v44;
                                                                                                                                						_t92 =  &(_t80[1]);
                                                                                                                                						goto L7;
                                                                                                                                						L7:
                                                                                                                                						_t86 =  *_t80;
                                                                                                                                						_t80 =  &(_t80[1]);
                                                                                                                                						if(_t86 != 0) {
                                                                                                                                							goto L7;
                                                                                                                                						} else {
                                                                                                                                							_t94 = _t80 - _t92 + 1;
                                                                                                                                							goto L9;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}

































                                                                                                                                APIs
                                                                                                                                • GetCPInfo.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,7043B34A,?,?,?,?,?,?), ref: 7043BAE9
                                                                                                                                • GetCPInfo.KERNEL32(?,00000001,?,7043B34A,?,?), ref: 7043BB02
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,7043B34A,00000000,00000000,?,7043B34A,?,?,?,?,?,?,?,?), ref: 7043BB66
                                                                                                                                • _malloc.LIBCMT ref: 7043BB76
                                                                                                                                • _memset.LIBCMT ref: 7043BB9E
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,7043B34A,?,00000000,?,?,?,?,?,?,?,7043B34A,?,?), ref: 7043BBB5
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,7043B34A), ref: 7043BBD0
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,7043B34A), ref: 7043BBF6
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,7043B34A), ref: 7043BC1B
                                                                                                                                • __freea.LIBCMT ref: 7043BC3D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$Info$__freea_malloc_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2488528481-0
                                                                                                                                • Opcode ID: d9ae78d69557bbb196417168d6ccc86a78cb33c59c29ef1d78c112f42822f129
                                                                                                                                • Instruction ID: e4363e0dc6e39e2f7d9fc73b32946f81f96ffd8ab6455949ddebc35ee0ba7b1a
                                                                                                                                • Opcode Fuzzy Hash: d9ae78d69557bbb196417168d6ccc86a78cb33c59c29ef1d78c112f42822f129
                                                                                                                                • Instruction Fuzzy Hash: 54515D7190021DEFDF119F95CC80AEEFBB9EB0C254F906129F616B7254CB39AD518BA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_mod_exp_mont.ADB(00000000,00000000,00000000,?,00000000,00000000), ref: 013E6DD2
                                                                                                                                  • Part of subcall function 013E5290: ERR_put_error.ADB(00000003,00000000,00000068,external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c,0000024E), ref: 013E52FF
                                                                                                                                • BN_mod_exp_mont.ADB(?,00000000,00000000,?,00000000,00000000), ref: 013E6DEC
                                                                                                                                • BN_mod_mul_montgomery.ADB(00000000,00000000,00000000,00000000,00000000), ref: 013E6E00
                                                                                                                                  • Part of subcall function 013E5A20: ERR_put_error.ADB(00000003,00000000,0000006D,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000001A4,00000000,?,00000000,?,013E556E,00000000,00000000,?,?,?), ref: 013E5A48
                                                                                                                                • BN_mod_mul_montgomery.ADB(00000000,00000000,?,00000000,00000000), ref: 013E6E15
                                                                                                                                • OPENSSL_malloc.ADB(00000030), ref: 013E6E3C
                                                                                                                                • BN_MONT_CTX_set.ADB(00000000,?,?), ref: 013E6EAA
                                                                                                                                • BN_MONT_CTX_free.ADB(00000000), ref: 013E6EC4
                                                                                                                                • BN_MONT_CTX_free.ADB(00000000), ref: 013E6ECF
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E6EE3
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E6EF8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeN_mod_exp_montN_mod_mul_montgomeryR_put_errorX_free$L_mallocX_set
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 675819701-0
                                                                                                                                • Opcode ID: 02b260c8be1ede8064e017fa5c6b9467c91536fb7e276f52d1cdea4128b3e6c3
                                                                                                                                • Instruction ID: c51fb784055c4d5cedc2249e3d9351a58972beb5a3a5c18dec69f01966fba046
                                                                                                                                • Opcode Fuzzy Hash: 02b260c8be1ede8064e017fa5c6b9467c91536fb7e276f52d1cdea4128b3e6c3
                                                                                                                                • Instruction Fuzzy Hash: B041CFB15003256BEB209F19CC49BAB7BE8EFA431CF44491CF8495B281E375E919CBD1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000068,external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c,00000392), ref: 013E650F
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c, xrefs: 013E64C7, 013E6504
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c
                                                                                                                                • API String ID: 1767461275-3419384422
                                                                                                                                • Opcode ID: 20dcb9ea0b4b489e1a828c68b1489013e6c72c14fc93e3f26f16eddd9119fc72
                                                                                                                                • Instruction ID: 5dcaa0e5748bd71badd31866e2c7d2d7116dc8bb93403888ce590c71b8b12349
                                                                                                                                • Opcode Fuzzy Hash: 20dcb9ea0b4b489e1a828c68b1489013e6c72c14fc93e3f26f16eddd9119fc72
                                                                                                                                • Instruction Fuzzy Hash: 0A81F6F1A043119FE710CF29D88675BBBE5BFA4318F04862DF994A7281E375E944CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F2F30
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000088), ref: 013F2F40
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F2F55
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013F307C
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000072,external/boringssl/src/crypto/fipsmodule/cipher/cipher.c,00000217), ref: 013F30D0
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000072,external/boringssl/src/crypto/fipsmodule/cipher/cipher.c,000000B3), ref: 013F30EE
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_freeL_mallocmemcpymemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/cipher.c
                                                                                                                                • API String ID: 491489552-705831790
                                                                                                                                • Opcode ID: 37e0ef707152b389efd38f6bd922851fa14cfb32647227ea425dc32d3e2e75ab
                                                                                                                                • Instruction ID: 8a101aaeb8ca8ae36312888d14bf9197c6096a7dbb5ccdaa0f3a9e93364fda41
                                                                                                                                • Opcode Fuzzy Hash: 37e0ef707152b389efd38f6bd922851fa14cfb32647227ea425dc32d3e2e75ab
                                                                                                                                • Instruction Fuzzy Hash: A9519E70744306ABEB309E1ADC81F67BBA8EF10B08F04452DEB869B6D1E7B5E544C761
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000068,external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c,0000024E), ref: 013E52FF
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c, xrefs: 013E52B7, 013E52F4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c
                                                                                                                                • API String ID: 1767461275-3419384422
                                                                                                                                • Opcode ID: 7fc22119c105c03012a1d4737e7733d70a7560362ea9e33a217f79ddb8bf3b3f
                                                                                                                                • Instruction ID: 37ba42daa870c46b323dbf499dc09db53f24589d597eaa7febca4353bfef58ab
                                                                                                                                • Opcode Fuzzy Hash: 7fc22119c105c03012a1d4737e7733d70a7560362ea9e33a217f79ddb8bf3b3f
                                                                                                                                • Instruction Fuzzy Hash: E4512476A007559BEB20CF28D849766B7E5AFD431CF14872DF895A32C0E7B1E580CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(31000000), ref: 01408B49
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01408B5F
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 01408BC3
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 01408C19
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 01408C27
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 01408C46
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01408C54
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 01408C3B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_cleanseL_free$L_mallocR_put_errormemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 993662067-820803757
                                                                                                                                • Opcode ID: 486f8bf9dd986e13eecc65ee970e4b2d8f74a74f0db029cb6e443ae9c675b5d8
                                                                                                                                • Instruction ID: f8bf82c96c5682d0cb46342d58722a6656a690b4e541c55e078377c21c2599e4
                                                                                                                                • Opcode Fuzzy Hash: 486f8bf9dd986e13eecc65ee970e4b2d8f74a74f0db029cb6e443ae9c675b5d8
                                                                                                                                • Instruction Fuzzy Hash: 2D41D0B1908301ABDB119F19DC41A5BBBF5FFD8314F088529F98897261E732D952CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC3C1
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC405
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002F7), ref: 013FC421
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FC44E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FC460
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FC478
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000078,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000332), ref: 013FC490
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 900039384-1759677748
                                                                                                                                • Opcode ID: 014b62e3a03ae7376509a87a64a8acfc7dc7cbea89eccf926893fc8fc5df701b
                                                                                                                                • Instruction ID: c7a9cfb866cd01e9688242d1d21a25f24119d650907950c2d0836508bf7f24c5
                                                                                                                                • Opcode Fuzzy Hash: 014b62e3a03ae7376509a87a64a8acfc7dc7cbea89eccf926893fc8fc5df701b
                                                                                                                                • Instruction Fuzzy Hash: 68212EF6BC02067BF6216529AC46F3B725CAF60B4CF04043CFB09725C1F6A5E51986A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 0140DC1C
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • RSA_generate_key_ex.ADB(?,?,00000000,?), ref: 0140DC83
                                                                                                                                  • Part of subcall function 0140CEC0: ERR_clear_error.ADB ref: 0140CF20
                                                                                                                                  • Part of subcall function 0140CEC0: RSA_new_method.ADB(00000000), ref: 0140CF27
                                                                                                                                • RSA_check_fips.ADB(?), ref: 0140DC90
                                                                                                                                  • Part of subcall function 0140BBC0: RSA_check_key.ADB(?), ref: 0140BBE0
                                                                                                                                  • Part of subcall function 0140BBC0: OPENSSL_malloc.ADB(00000018), ref: 0140BBF4
                                                                                                                                  • Part of subcall function 0140BBC0: BN_num_bits.ADB(00000000), ref: 0140BC4D
                                                                                                                                  • Part of subcall function 0140BBC0: CRYPTO_once.ADB(01742B38,0141EF90), ref: 0140BC89
                                                                                                                                  • Part of subcall function 0140BBC0: BN_gcd.ADB(?,?,01742B3C,00000000), ref: 0140BC9D
                                                                                                                                  • Part of subcall function 0140BBC0: ERR_put_error.ADB(00000004,00000000,00000092,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,0000034C), ref: 0140BCC7
                                                                                                                                  • Part of subcall function 0140BBC0: OPENSSL_free.ADB(?), ref: 0140BCDE
                                                                                                                                  • Part of subcall function 0140BBC0: sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 0140BD65
                                                                                                                                  • Part of subcall function 0140BBC0: OPENSSL_free.ADB(?), ref: 0140BD70
                                                                                                                                  • Part of subcall function 0140BBC0: OPENSSL_free.ADB(00000000), ref: 0140BD79
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140DCA8
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000068,external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c,0000052D), ref: 0140DCDE
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140DCF0
                                                                                                                                  • Part of subcall function 013DF4E0: ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c, xrefs: 0140DCC4
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 0140DCD3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$R_put_error$L_malloc$A_check_fipsA_check_keyA_generate_key_exA_new_methodN_gcdN_num_bitsO_onceR_clear_errormallocsk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c
                                                                                                                                • API String ID: 1174308324-27007083
                                                                                                                                • Opcode ID: d3c6884c24f56f2ab04a3ca62865dba7ca67283a4e03d739fc345dd45444adc3
                                                                                                                                • Instruction ID: 5b92e73fb38e300923bed356cc3a98025265a4852fb7c76952e9c570b018ad16
                                                                                                                                • Opcode Fuzzy Hash: d3c6884c24f56f2ab04a3ca62865dba7ca67283a4e03d739fc345dd45444adc3
                                                                                                                                • Instruction Fuzzy Hash: 6721F2B0A443019FF7216F96DC45F5376A8AF20708F44443EFA49AB3E1E3F6D4498661
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_check_key.ADB(?), ref: 013FD71D
                                                                                                                                • ECDSA_do_sign.ADB(?,00000010,?), ref: 013FD742
                                                                                                                                • ECDSA_do_verify.ADB(00000010,00000010,00000000,?), ref: 013FD759
                                                                                                                                • ECDSA_SIG_free.ADB(00000000), ref: 013FD764
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000084,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000015A), ref: 013FD78A
                                                                                                                                • ECDSA_SIG_free.ADB(00000000), ref: 013FD798
                                                                                                                                  • Part of subcall function 013F8D50: OPENSSL_free.ADB(?,00000000,?,013F8D40,00000000), ref: 013F8D69
                                                                                                                                  • Part of subcall function 013F8D50: OPENSSL_free.ADB(00000000,00000000,?,013F8D40,00000000), ref: 013F8D9C
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000084,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000016C), ref: 013FD7B3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: G_freeL_freeR_put_error$A_do_signA_do_verifyY_check_key
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 3437526108-3769350328
                                                                                                                                • Opcode ID: 21d3f9d5398538c94919749e5f2e3a9cd176776e4c8dee6f36b30e9d2fe5757a
                                                                                                                                • Instruction ID: 62bb3c60bb9177eff716727503d0931d17051480028d95b21651b7e66fc3808b
                                                                                                                                • Opcode Fuzzy Hash: 21d3f9d5398538c94919749e5f2e3a9cd176776e4c8dee6f36b30e9d2fe5757a
                                                                                                                                • Instruction Fuzzy Hash: 9C112BA1F4034523FB1029A95C4AF67325C5F20B2CF040539BF055E2C6F5A1D95481E2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 62%
                                                                                                                                			E704332E5(intOrPtr __eax, void* __ecx) {
                                                                                                                                				char _v8;
                                                                                                                                				char _v12;
                                                                                                                                				intOrPtr _t15;
                                                                                                                                				struct _CRITICAL_SECTION* _t21;
                                                                                                                                				void* _t29;
                                                                                                                                
                                                                                                                                				_t15 = __eax;
                                                                                                                                				_push(__ecx);
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t29 = __ecx;
                                                                                                                                				_t21 = __ecx + 0x18;
                                                                                                                                				EnterCriticalSection(_t21);
                                                                                                                                				if( *((char*)(_t29 + 0x30)) == 0) {
                                                                                                                                					 *((char*)(_t29 + 0x30)) = 1;
                                                                                                                                				}
                                                                                                                                				while( *((intOrPtr*)(_t29 + 0x34)) > 0) {
                                                                                                                                					LeaveCriticalSection(_t21);
                                                                                                                                					_v8 =  *((intOrPtr*)(_t29 + 0x14));
                                                                                                                                					_push(_v8);
                                                                                                                                					_t15 =  *((intOrPtr*)( *((intOrPtr*)(_t29 + 0x10)) + 0x48));
                                                                                                                                					_push(_t15);
                                                                                                                                					L7043C100();
                                                                                                                                					if(_t15 == 0) {
                                                                                                                                						L7:
                                                                                                                                						EnterCriticalSection(_t21);
                                                                                                                                						L8:
                                                                                                                                						LeaveCriticalSection(_t21);
                                                                                                                                						__imp__?CloseHandle@AdbObjectHandle@@UAE_NXZ();
                                                                                                                                						return _t15;
                                                                                                                                					}
                                                                                                                                					_v12 =  *((intOrPtr*)(_t29 + 0x14));
                                                                                                                                					_push(_v12);
                                                                                                                                					_t15 =  *((intOrPtr*)( *((intOrPtr*)(_t29 + 0x10)) + 0x48));
                                                                                                                                					_push(_t15);
                                                                                                                                					L7043C0F4();
                                                                                                                                					if(_t15 == 0) {
                                                                                                                                						goto L7;
                                                                                                                                					}
                                                                                                                                					Sleep(0x10);
                                                                                                                                					EnterCriticalSection(_t21);
                                                                                                                                				}
                                                                                                                                				goto L8;
                                                                                                                                			}








                                                                                                                                APIs
                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 704332FB
                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?), ref: 70433356
                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 70433359
                                                                                                                                • ?CloseHandle@AdbObjectHandle@@UAE_NXZ.ADBWINAPI ref: 70433361
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$Enter$CloseHandle@Handle@@LeaveObject
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1831958720-0
                                                                                                                                • Opcode ID: 17a7750d4e88bbc9582c01baf31e077d1ee1068547ac0db34fc5eefb1c5b73c8
                                                                                                                                • Instruction ID: 30a3fe99197621bd3da7da8fbb4fbdf143dc5fd6a4478b8850f3c5fe441225d4
                                                                                                                                • Opcode Fuzzy Hash: 17a7750d4e88bbc9582c01baf31e077d1ee1068547ac0db34fc5eefb1c5b73c8
                                                                                                                                • Instruction Fuzzy Hash: 8111C672100344EFD7119BB5CD48A9EFBBCAF4C611F142858EA83A2312DA74E845CB31
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 01409490
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000078,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,00000259), ref: 01409530
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140953D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/padding.c, xrefs: 014094B8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeN_num_bitsR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/padding.c
                                                                                                                                • API String ID: 3956408723-2078984126
                                                                                                                                • Opcode ID: c517fc1c08992389086124d8abca49e6fe48f6a938e880d0d381cb9e10a56f5f
                                                                                                                                • Instruction ID: 2505e8a4162a53306037fefb434c07c2c85dcec325d4b3ae62907babedd7ac01
                                                                                                                                • Opcode Fuzzy Hash: c517fc1c08992389086124d8abca49e6fe48f6a938e880d0d381cb9e10a56f5f
                                                                                                                                • Instruction Fuzzy Hash: F851A272A043119FD701CF1AD885A5BBBA4BFC8218F45462DF98997352D731E901CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 55%
                                                                                                                                			E7098432B(void* __edx, void* _a4, signed int _a20, signed int _a24, signed char _a28) {
                                                                                                                                				signed int _v8;
                                                                                                                                				char _v136;
                                                                                                                                				char _v152;
                                                                                                                                				char* _v156;
                                                                                                                                				char* _v160;
                                                                                                                                				char* _v164;
                                                                                                                                				char _v168;
                                                                                                                                				signed int _v172;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t30;
                                                                                                                                				char* _t34;
                                                                                                                                				intOrPtr* _t40;
                                                                                                                                				intOrPtr _t44;
                                                                                                                                				char* _t46;
                                                                                                                                				intOrPtr _t48;
                                                                                                                                				intOrPtr _t50;
                                                                                                                                				intOrPtr _t51;
                                                                                                                                				char* _t58;
                                                                                                                                				void* _t59;
                                                                                                                                				intOrPtr _t61;
                                                                                                                                				void* _t66;
                                                                                                                                				intOrPtr* _t68;
                                                                                                                                				intOrPtr _t71;
                                                                                                                                				signed int _t72;
                                                                                                                                				void* _t73;
                                                                                                                                				intOrPtr* _t74;
                                                                                                                                				void* _t75;
                                                                                                                                
                                                                                                                                				_t66 = __edx;
                                                                                                                                				_t30 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t30 ^ _t72;
                                                                                                                                				asm("movsd");
                                                                                                                                				asm("movsd");
                                                                                                                                				asm("movsd");
                                                                                                                                				_push( &_v168);
                                                                                                                                				_push(1);
                                                                                                                                				_push(1);
                                                                                                                                				asm("movsd");
                                                                                                                                				_push(0x12);
                                                                                                                                				_t74 = _t73 - 0x10;
                                                                                                                                				_t68 = _t74;
                                                                                                                                				_t70 =  &_v152;
                                                                                                                                				asm("movsd");
                                                                                                                                				asm("movsd");
                                                                                                                                				asm("movsd");
                                                                                                                                				_t58 = 0;
                                                                                                                                				_v164 = 0;
                                                                                                                                				_v160 = 0;
                                                                                                                                				_v156 = 0;
                                                                                                                                				asm("movsd");
                                                                                                                                				if(E709851C2(_t59) != 0) {
                                                                                                                                					_t34 = E709838D6( &_v168);
                                                                                                                                					__eflags = _t34;
                                                                                                                                					if(_t34 != 0) {
                                                                                                                                						__eflags = _a28 - 0xff;
                                                                                                                                						if(_a28 != 0xff) {
                                                                                                                                							_push(_a28 & 0x000000ff);
                                                                                                                                							_push(_a24 & 0x0000ffff);
                                                                                                                                							E70988A1A( &_v168,  &_v152,  &_v136, L"\\\\?\\usb#vid_%04x&pid_%04x&mi_%02x#", _a20 & 0x0000ffff);
                                                                                                                                							_t75 = _t74 + 0x14;
                                                                                                                                						} else {
                                                                                                                                							_push(_a24 & 0x0000ffff);
                                                                                                                                							E70988A1A( &_v168,  &_v152,  &_v136, L"\\\\?\\usb#vid_%04x&pid_%04x#", _a20 & 0x0000ffff);
                                                                                                                                							_t75 = _t74 + 0x10;
                                                                                                                                						}
                                                                                                                                						_t40 =  &_v136;
                                                                                                                                						_t66 = _t40 + 2;
                                                                                                                                						do {
                                                                                                                                							_t61 =  *_t40;
                                                                                                                                							_t40 = _t40 + 2;
                                                                                                                                							__eflags = _t61 - _t58;
                                                                                                                                						} while (_t61 != _t58);
                                                                                                                                						_v172 = _t40 - _t66 >> 1;
                                                                                                                                						_t44 = _v164;
                                                                                                                                						_t71 = _t44;
                                                                                                                                						__eflags = _t44 - _v160;
                                                                                                                                						if(_t44 == _v160) {
                                                                                                                                							goto L4;
                                                                                                                                						}
                                                                                                                                						_t68 = _t44 + 0x14;
                                                                                                                                						_t58 = 0x709812f0;
                                                                                                                                						while(1) {
                                                                                                                                							_t48 =  *_t68;
                                                                                                                                							__eflags = _t48;
                                                                                                                                							if(_t48 == 0) {
                                                                                                                                								_t48 = _t58;
                                                                                                                                							}
                                                                                                                                							_t50 = E7098896F(_t58, _t61, _t66,  &_v136, _t48, _v172);
                                                                                                                                							_t75 = _t75 + 0xc;
                                                                                                                                							__eflags = _t50;
                                                                                                                                							if(_t50 == 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							_t71 = _t71 + 0x24;
                                                                                                                                							_t68 = _t68 + 0x24;
                                                                                                                                							__eflags = _t71 - _v160;
                                                                                                                                							if(_t71 != _v160) {
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							goto L4;
                                                                                                                                						}
                                                                                                                                						_t51 =  *((intOrPtr*)(_t71 + 0x14));
                                                                                                                                						__eflags = _t51;
                                                                                                                                						if(__eflags == 0) {
                                                                                                                                							_t51 = _t58;
                                                                                                                                						}
                                                                                                                                						_push(_t51);
                                                                                                                                						_t70 = E709837D4(_t58, _t68, _t71, __eflags);
                                                                                                                                						L5:
                                                                                                                                						E70984229( &_v168);
                                                                                                                                						_t46 = _t70;
                                                                                                                                						L2:
                                                                                                                                						return E70987FB3(_t46, _t58, _v8 ^ _t72, _t66, _t68, _t70);
                                                                                                                                					}
                                                                                                                                					L4:
                                                                                                                                					_t70 = 0;
                                                                                                                                					__eflags = 0;
                                                                                                                                					SetLastError(0x10df);
                                                                                                                                					goto L5;
                                                                                                                                				}
                                                                                                                                				E70984229( &_v168);
                                                                                                                                				_t46 = 0;
                                                                                                                                				goto L2;
                                                                                                                                			}

                                                                                                                                0x70984413
                                                                                                                                0x70984419
                                                                                                                                0x7098441c
                                                                                                                                0x7098441c
                                                                                                                                0x70984420
                                                                                                                                0x70984421
                                                                                                                                0x70984421
                                                                                                                                0x7098442a
                                                                                                                                0x70984430
                                                                                                                                0x70984436
                                                                                                                                0x70984438
                                                                                                                                0x7098443e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70984444
                                                                                                                                0x70984447
                                                                                                                                0x7098444c
                                                                                                                                0x7098444c
                                                                                                                                0x7098444e
                                                                                                                                0x70984450
                                                                                                                                0x70984452
                                                                                                                                0x70984452
                                                                                                                                0x70984462
                                                                                                                                0x70984467
                                                                                                                                0x7098446a
                                                                                                                                0x7098446c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098446e
                                                                                                                                0x70984471
                                                                                                                                0x70984474
                                                                                                                                0x7098447a
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098447c
                                                                                                                                0x70984481
                                                                                                                                0x70984484
                                                                                                                                0x70984486
                                                                                                                                0x70984488
                                                                                                                                0x70984488
                                                                                                                                0x7098448a
                                                                                                                                0x70984491
                                                                                                                                0x709843bb
                                                                                                                                0x709843c1
                                                                                                                                0x709843c6
                                                                                                                                0x70984396
                                                                                                                                0x709843a4
                                                                                                                                0x709843a4
                                                                                                                                0x709843ae
                                                                                                                                0x709843b3
                                                                                                                                0x709843b3
                                                                                                                                0x709843b5
                                                                                                                                0x00000000
                                                                                                                                0x709843b5
                                                                                                                                0x7098438f
                                                                                                                                0x70984394
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 709851C2: SetupDiGetClassDevsW.SETUPAPI(?,00000000,00000000,?), ref: 709851EF
                                                                                                                                  • Part of subcall function 709851C2: SetupDiDestroyDeviceInfoList.SETUPAPI(00000000), ref: 7098522D
                                                                                                                                  • Part of subcall function 709851C2: SetLastError.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,70985A45), ref: 70985238
                                                                                                                                • SetLastError.KERNEL32(000010DF,?,?,?,?,?,?), ref: 709843B5
                                                                                                                                • __swprintf.LIBCMT ref: 709843E6
                                                                                                                                • __swprintf.LIBCMT ref: 7098440B
                                                                                                                                • __wcsnicmp.LIBCMT ref: 70984462
                                                                                                                                • AdbCreateInterfaceByName.ADBWINAPI(?,?,?,?,?,?,?,?,?,?), ref: 7098448B
                                                                                                                                Strings
                                                                                                                                • \\?\usb#vid_%04x&pid_%04x&mi_%02x#, xrefs: 70984405
                                                                                                                                • \\?\usb#vid_%04x&pid_%04x#, xrefs: 709843E0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastSetup__swprintf$ClassCreateDestroyDeviceDevsInfoInterfaceListName__wcsnicmp
                                                                                                                                • String ID: \\?\usb#vid_%04x&pid_%04x#$\\?\usb#vid_%04x&pid_%04x&mi_%02x#
                                                                                                                                • API String ID: 3392512159-949970703
                                                                                                                                • Opcode ID: 93e80907e49c5962027385f1759ef2ef0b3e77dab53e1610b50c86cd68318f7b
                                                                                                                                • Instruction ID: fa2c139b99b9647dbbbb147e37034fd750eeb5246ada6db9e07986eb63e818b0
                                                                                                                                • Opcode Fuzzy Hash: 93e80907e49c5962027385f1759ef2ef0b3e77dab53e1610b50c86cd68318f7b
                                                                                                                                • Instruction Fuzzy Hash: 2B419672A002299EDB21DF658D41BDFB3BDAF05304F0041A5F95AE73C1D6B4EE458B52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/div.c, xrefs: 013E18F3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/div.c
                                                                                                                                • API String ID: 0-970073626
                                                                                                                                • Opcode ID: dfe2d1895025567e03b76c02f8ebf9a91869e94c9e5844ee114c6ef0b36c8f76
                                                                                                                                • Instruction ID: c3114af9843e850c2774e129f051b48c400777de80cbaf479225861c9fdb80a5
                                                                                                                                • Opcode Fuzzy Hash: dfe2d1895025567e03b76c02f8ebf9a91869e94c9e5844ee114c6ef0b36c8f76
                                                                                                                                • Instruction Fuzzy Hash: 15313671B043229FE7109F28C848B2BBBE5AF9425CF18452CE999873C1E330E841CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E3F66
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?), ref: 013E3FCC
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E3FEF
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013E4039
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E4044
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E404D
                                                                                                                                  • Part of subcall function 013DF4E0: ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E3FE4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$L_mallocmallocmemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 3003662701-589256770
                                                                                                                                • Opcode ID: 34861881c3027e061c96b732b052126556c934944d69880379daeffd5af6c1d7
                                                                                                                                • Instruction ID: 13d37f49dcad356e0779e20166775d8ef8ca5540093fbdb379950cbb6bb7b7f9
                                                                                                                                • Opcode Fuzzy Hash: 34861881c3027e061c96b732b052126556c934944d69880379daeffd5af6c1d7
                                                                                                                                • Instruction Fuzzy Hash: E321D6B56003116BE7116F19EC49F27BBE8AFA434CF098038E9099B2D2E776D915C7A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_ucmp.ADB(?,013FC414,?), ref: 013FC4C9
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/simple.c,000000C6,?,?,?,?,013FC3F0,?,?,?,?), ref: 013FC4F0
                                                                                                                                • BN_ucmp.ADB(?,013FC414), ref: 013FC523
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000065,external/boringssl/src/crypto/fipsmodule/ec/felem.c,0000001B), ref: 013FC53C
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,013FC2DC,00000044), ref: 013FC56C
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/simple.c, xrefs: 013FC4E5
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/felem.c, xrefs: 013FC4D7, 013FC531
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_ucmpR_put_error$memcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/felem.c$external/boringssl/src/crypto/fipsmodule/ec/simple.c
                                                                                                                                • API String ID: 882918445-3861758021
                                                                                                                                • Opcode ID: fdde8057ab67b63ac752763fd84d5d6a51753a02163ce8b088b034c90def0992
                                                                                                                                • Instruction ID: 6cd9e8b58a6b10f3691c081755c5036729f1846b6e25853629a7f0e182cef903
                                                                                                                                • Opcode Fuzzy Hash: fdde8057ab67b63ac752763fd84d5d6a51753a02163ce8b088b034c90def0992
                                                                                                                                • Instruction Fuzzy Hash: 1B214571AC030EABE6319A159C45F3776ACAB00B4CF05502DFB09771C2E3A5E514C6B2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000058,00000000,00000000,?,013FD0F2,00000000,?), ref: 013FD233
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ec_bignum_to_scalar.ADB(?,-00000014,?), ref: 013FD2FA
                                                                                                                                  • Part of subcall function 013F94A0: ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000143,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94BF
                                                                                                                                  • Part of subcall function 013F94A0: ERR_put_error.ADB(0000000F,00000000,00000085,external/boringssl/src/crypto/fipsmodule/ec/scalar.c,0000001C,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94D7
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD309
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000072,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000F2,00000000,00000000,?,013FD0F2,00000000,?), ref: 013FD336
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000007D,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000FB), ref: 013FD350
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD359
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_free$L_mallocec_bignum_to_scalarmalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 3625861415-3769350328
                                                                                                                                • Opcode ID: a3a25949612a33000c28b4910e82ccff5e09c5311f7e094b41568d060451276e
                                                                                                                                • Instruction ID: a57efda6f71796ba4f78eadbff1a500c52e489e7940cc329e39e0c12848dd9a3
                                                                                                                                • Opcode Fuzzy Hash: a3a25949612a33000c28b4910e82ccff5e09c5311f7e094b41568d060451276e
                                                                                                                                • Instruction Fuzzy Hash: 7A310CB0640B019BF3309F16D859B13BBF4BB14708F54892DE68A5AAD1D7FAE4488B91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000008), ref: 013F8C83
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013F8C99
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013F8CD6
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013F8CE4
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013F8D2B
                                                                                                                                • ECDSA_SIG_free.ADB(00000000), ref: 013F8D3B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_malloc$R_put_error$G_freemalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 172061303-2228489102
                                                                                                                                • Opcode ID: 50c650a9f5cf712989923d2239dd375d859e4894e00ae2e9bc30a31554bd4f0e
                                                                                                                                • Instruction ID: d211cd8754b5e856aad09e6ca24b9a1932dff3d5defa50c2d5ad98a48159be92
                                                                                                                                • Opcode Fuzzy Hash: 50c650a9f5cf712989923d2239dd375d859e4894e00ae2e9bc30a31554bd4f0e
                                                                                                                                • Instruction Fuzzy Hash: 931182F06403119EF7616F15EC1AB437AD06F20B08F4A84ADE6099F2E2E7F9D485C795
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 57%
                                                                                                                                			E7098EEAB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				void* _t16;
                                                                                                                                				void* _t25;
                                                                                                                                				struct HINSTANCE__* _t29;
                                                                                                                                				intOrPtr* _t31;
                                                                                                                                				void* _t33;
                                                                                                                                
                                                                                                                                				_push(0x14);
                                                                                                                                				_push(0x70993c20);
                                                                                                                                				E70988D28(__ebx, __edi, __esi);
                                                                                                                                				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
                                                                                                                                				_t31 = E70989D53( *0x70997bb8);
                                                                                                                                				if(_t31 == 0) {
                                                                                                                                					_t16 = E70989A70(_t33 - 0x1c);
                                                                                                                                					_pop(_t25);
                                                                                                                                					if(_t16 != 0) {
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						E7098C94B(0, _t25, __edx, __edi, _t31);
                                                                                                                                					}
                                                                                                                                					if( *((intOrPtr*)(_t33 - 0x1c)) == 1) {
                                                                                                                                						L7:
                                                                                                                                						_t31 = E7098EE91;
                                                                                                                                					} else {
                                                                                                                                						_t29 = GetModuleHandleW(L"kernelbase.dll");
                                                                                                                                						if(_t29 != 0) {
                                                                                                                                							L6:
                                                                                                                                							_t31 = GetProcAddress(_t29, "InitializeCriticalSectionAndSpinCount");
                                                                                                                                							if(_t31 == 0) {
                                                                                                                                								goto L7;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							GetModuleHandleW(L"kernel32.dll");
                                                                                                                                							if(_t29 == 0) {
                                                                                                                                								goto L7;
                                                                                                                                							} else {
                                                                                                                                								goto L6;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *0x70997bb8 = E70989CCD(_t31);
                                                                                                                                				}
                                                                                                                                				 *((intOrPtr*)(_t33 - 4)) = 0;
                                                                                                                                				 *((intOrPtr*)(_t33 - 0x20)) =  *_t31( *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)));
                                                                                                                                				 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
                                                                                                                                				return E70988D6D( *((intOrPtr*)(_t33 - 0x20)));
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 70989D53: TlsGetValue.KERNEL32(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D65
                                                                                                                                  • Part of subcall function 70989D53: TlsGetValue.KERNEL32(00000005,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D7C
                                                                                                                                  • Part of subcall function 70989D53: RtlDecodePointer.NTDLL(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989DBB
                                                                                                                                • __get_wpgmptr.LIBCMT ref: 7098EED2
                                                                                                                                • GetModuleHandleW.KERNEL32(kernelbase.dll,00000014,7098DA07,00000000,00000FA0,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004,709938D8,0000000C,7098EFB3), ref: 7098EEFA
                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,70989180,00000004,709938D8,0000000C,7098EFB3,70986DBD,?,00000000,00000000,00000000), ref: 7098EF07
                                                                                                                                • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 7098EF13
                                                                                                                                  • Part of subcall function 7098C94B: OutputDebugStringA.KERNEL32(Invalid parameter passed to C runtime function.), ref: 7098C9DF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleValue$AddressDebugDecodeOutputPointerProcString__get_wpgmptr
                                                                                                                                • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll$kernelbase.dll
                                                                                                                                • API String ID: 3279536254-4189688002
                                                                                                                                • Opcode ID: e8ac7190c359b714eb1fb58c61e619c2167ad331a022699bc96f91b1679a7481
                                                                                                                                • Instruction ID: 7daf26cb3f798a07bf795c9bf7028a3fc1adc0b7efa4df8e6f487b32f9ec534f
                                                                                                                                • Opcode Fuzzy Hash: e8ac7190c359b714eb1fb58c61e619c2167ad331a022699bc96f91b1679a7481
                                                                                                                                • Instruction Fuzzy Hash: 4601D673C14128AFCB11AFA48C8069D76B85F4421C715417AFA42B73E0DB395D409B97
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 57%
                                                                                                                                			E704396FB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				void* _t16;
                                                                                                                                				void* _t25;
                                                                                                                                				struct HINSTANCE__* _t29;
                                                                                                                                				intOrPtr* _t31;
                                                                                                                                				void* _t33;
                                                                                                                                
                                                                                                                                				_push(0x14);
                                                                                                                                				_push(0x7043c9d0);
                                                                                                                                				E70434970(__ebx, __edi, __esi);
                                                                                                                                				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
                                                                                                                                				_t31 = E70435EE9( *0x7043f7e0);
                                                                                                                                				if(_t31 == 0) {
                                                                                                                                					_t16 = E70435C06(_t33 - 0x1c);
                                                                                                                                					_pop(_t25);
                                                                                                                                					if(_t16 != 0) {
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						_push(0);
                                                                                                                                						E7043930E(0, _t25, __edx, __edi, _t31);
                                                                                                                                					}
                                                                                                                                					if( *((intOrPtr*)(_t33 - 0x1c)) == 1) {
                                                                                                                                						L7:
                                                                                                                                						_t31 = E704396E1;
                                                                                                                                					} else {
                                                                                                                                						_t29 = GetModuleHandleW(L"kernelbase.dll");
                                                                                                                                						if(_t29 != 0) {
                                                                                                                                							L6:
                                                                                                                                							_t31 = GetProcAddress(_t29, "InitializeCriticalSectionAndSpinCount");
                                                                                                                                							if(_t31 == 0) {
                                                                                                                                								goto L7;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							GetModuleHandleW(L"kernel32.dll");
                                                                                                                                							if(_t29 == 0) {
                                                                                                                                								goto L7;
                                                                                                                                							} else {
                                                                                                                                								goto L6;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *0x7043f7e0 = E70435E63(_t31);
                                                                                                                                				}
                                                                                                                                				 *((intOrPtr*)(_t33 - 4)) = 0;
                                                                                                                                				 *((intOrPtr*)(_t33 - 0x20)) =  *_t31( *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)));
                                                                                                                                				 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
                                                                                                                                				return E704349B5( *((intOrPtr*)(_t33 - 0x20)));
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435EFB
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(00000006,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F12
                                                                                                                                  • Part of subcall function 70435EE9: RtlDecodePointer.NTDLL(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F51
                                                                                                                                • __get_wpgmptr.LIBCMT ref: 70439722
                                                                                                                                • GetModuleHandleW.KERNEL32(kernelbase.dll,00000014,7043852F,00000000,00000FA0,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004,7043C6E8,0000000C,7043A2D0), ref: 7043974A
                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,70435316,00000004,7043C6E8,0000000C,7043A2D0,70433EBE,?,00000000,00000000,00000000,?,704360E4,00000001,00000214), ref: 70439757
                                                                                                                                • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 70439763
                                                                                                                                  • Part of subcall function 7043930E: OutputDebugStringA.KERNEL32(Invalid parameter passed to C runtime function.), ref: 704393A2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleValue$AddressDebugDecodeOutputPointerProcString__get_wpgmptr
                                                                                                                                • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll$kernelbase.dll
                                                                                                                                • API String ID: 3279536254-4189688002
                                                                                                                                • Opcode ID: 96eb44699156464e304a912e6e80ce73b896eb7e2648cccc6e26053d65b6a640
                                                                                                                                • Instruction ID: e9a5b6a5347d66aa466b0b019122d3b140f44dedb5e64b78a85639d78db9716f
                                                                                                                                • Opcode Fuzzy Hash: 96eb44699156464e304a912e6e80ce73b896eb7e2648cccc6e26053d65b6a640
                                                                                                                                • Instruction Fuzzy Hash: 850180B2D10115EECB11AFB49CC159DFAB5AB0C254FA1723EE512B73A0DB3C5D418B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 48%
                                                                                                                                			E70433846(void* __ecx) {
                                                                                                                                				char _v8;
                                                                                                                                				char _v12;
                                                                                                                                				char _v16;
                                                                                                                                				void* _v24;
                                                                                                                                				char _v28;
                                                                                                                                				WCHAR* _t27;
                                                                                                                                				void* _t28;
                                                                                                                                				void* _t29;
                                                                                                                                				void* _t30;
                                                                                                                                				void* _t31;
                                                                                                                                				intOrPtr* _t36;
                                                                                                                                				char _t38;
                                                                                                                                				void** _t48;
                                                                                                                                				void* _t50;
                                                                                                                                
                                                                                                                                				_t50 = __ecx;
                                                                                                                                				_t27 =  *(__ecx + 0x38);
                                                                                                                                				if(_t27 == 0) {
                                                                                                                                					_t27 = 0x7043130c;
                                                                                                                                				}
                                                                                                                                				_t28 = CreateFileW(_t27, 0xc0000000, 3, 0, 3, 0x40000000, 0);
                                                                                                                                				 *(_t50 + 0x44) = _t28;
                                                                                                                                				if(_t28 != 0xffffffff) {
                                                                                                                                					_t48 = _t50 + 0x48;
                                                                                                                                					_push(_t48);
                                                                                                                                					_push(_t28);
                                                                                                                                					L7043C154();
                                                                                                                                					if(_t28 == 0) {
                                                                                                                                						L18:
                                                                                                                                						return _t28;
                                                                                                                                					}
                                                                                                                                					_t29 =  *_t48;
                                                                                                                                					_t36 = _t50 + 0x4c;
                                                                                                                                					_push(_t36);
                                                                                                                                					_push(_t29);
                                                                                                                                					L7043C148();
                                                                                                                                					if(_t29 == 0) {
                                                                                                                                						L20:
                                                                                                                                						_t28 = 0;
                                                                                                                                						L17:
                                                                                                                                						goto L18;
                                                                                                                                					}
                                                                                                                                					_t30 =  *_t48;
                                                                                                                                					_push( &_v12);
                                                                                                                                					_push(0x12);
                                                                                                                                					_push(_t50 + 0x10);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(1);
                                                                                                                                					_push(_t30);
                                                                                                                                					L7043C124();
                                                                                                                                					if(_t30 == 0) {
                                                                                                                                						goto L20;
                                                                                                                                					}
                                                                                                                                					_t31 =  *_t48;
                                                                                                                                					_push( &_v12);
                                                                                                                                					_push(9);
                                                                                                                                					_push(_t50 + 0x22);
                                                                                                                                					_push(0);
                                                                                                                                					_push(0);
                                                                                                                                					_push(2);
                                                                                                                                					_push(_t31);
                                                                                                                                					L7043C124();
                                                                                                                                					if(_t31 == 0) {
                                                                                                                                						goto L20;
                                                                                                                                					}
                                                                                                                                					_v8 =  *_t36;
                                                                                                                                					_t28 =  *_t48;
                                                                                                                                					_push(_t50 + 0x2b);
                                                                                                                                					_push(_v8);
                                                                                                                                					_push(_t28);
                                                                                                                                					L7043C13C();
                                                                                                                                					if(_t28 == 0) {
                                                                                                                                						goto L20;
                                                                                                                                					}
                                                                                                                                					_t38 = 0;
                                                                                                                                					_v8 = 0;
                                                                                                                                					if( *((intOrPtr*)(_t50 + 0x2f)) <= 0) {
                                                                                                                                						L16:
                                                                                                                                						__imp__?CreateHandle@AdbObjectHandle@@UAEPAXXZ();
                                                                                                                                						goto L17;
                                                                                                                                					} else {
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                					while(1) {
                                                                                                                                						L10:
                                                                                                                                						_push( &_v28);
                                                                                                                                						_push(_v8);
                                                                                                                                						_v16 =  *((intOrPtr*)(_t50 + 0x4c));
                                                                                                                                						_push(_v16);
                                                                                                                                						_t28 =  *_t48;
                                                                                                                                						_push(_t28);
                                                                                                                                						L7043C130();
                                                                                                                                						if(_t28 == 0) {
                                                                                                                                							goto L20;
                                                                                                                                						}
                                                                                                                                						if(_v28 == 2) {
                                                                                                                                							_t28 = _v24;
                                                                                                                                							if(_t28 >= 0) {
                                                                                                                                								 *((char*)(_t50 + 0x4f)) = _t38;
                                                                                                                                								 *(_t50 + 0x50) = _t28;
                                                                                                                                							} else {
                                                                                                                                								 *((char*)(_t50 + 0x4d)) = _t38;
                                                                                                                                								 *(_t50 + 0x4e) = _t28;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_t38 = _t38 + 1;
                                                                                                                                						_v8 = _t38;
                                                                                                                                						if(_t38 <  *((intOrPtr*)(_t50 + 0x2f))) {
                                                                                                                                							continue;
                                                                                                                                						} else {
                                                                                                                                							goto L16;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					goto L20;
                                                                                                                                				} else {
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                			}


















                                                                                                                                APIs
                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,40000000,00000000), ref: 70433870
                                                                                                                                • WinUsb_Initialize.WINUSB(00000000,?), ref: 7043388B
                                                                                                                                • WinUsb_GetCurrentAlternateSetting.WINUSB(00000000,?,?,00000000,?), ref: 704338A0
                                                                                                                                • WinUsb_GetDescriptor.WINUSB(00000000,00000001,00000000,00000000,?,00000012,?,00000000,?,?,00000000,?), ref: 704338C0
                                                                                                                                • WinUsb_GetDescriptor.WINUSB(00000000,00000002,00000000,00000000,?,00000009,?,00000000,00000001,00000000,00000000,?,00000012,?,00000000,?), ref: 704338E0
                                                                                                                                • WinUsb_QueryInterfaceSettings.WINUSB(00000000,?,?,00000000,00000002,00000000,00000000,?,00000009,?,00000000,00000001,00000000,00000000,?,00000012), ref: 704338F8
                                                                                                                                • WinUsb_QueryPipe.WINUSB(00000001,?,?,?,00000000,?,?,00000000,00000002,00000000,00000000,?,00000009,?,00000000,00000001), ref: 7043391E
                                                                                                                                • ?CreateHandle@AdbObjectHandle@@UAEPAXXZ.ADBWINAPI(00000000,?,?,00000000,00000002,00000000,00000000,?,00000009,?,00000000,00000001,00000000,00000000,?,00000012), ref: 7043394E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Usb_$CreateDescriptorQuery$AlternateCurrentFileHandle@Handle@@InitializeInterfaceObjectPipeSettingSettings
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 119011680-0
                                                                                                                                • Opcode ID: c0e41e4a901b3f39a3c5ca62710d79982d5f36006e65500810c144be77eacd6b
                                                                                                                                • Instruction ID: ccf7828ee60654d109087b2e82d276f744c4531878ca2bba845c6cd602a80e05
                                                                                                                                • Opcode Fuzzy Hash: c0e41e4a901b3f39a3c5ca62710d79982d5f36006e65500810c144be77eacd6b
                                                                                                                                • Instruction Fuzzy Hash: C031B371640341FEEB2187A58D55F9FFBBC9F09205F50194DB682B7282E6A4F944DB20
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ASN1_item_i2d.ADB(?,00000000,?), ref: 013D5B0A
                                                                                                                                • i2d_X509_CERT_AUX.ADB(?,00000000), ref: 013D5B21
                                                                                                                                  • Part of subcall function 015318A0: ASN1_item_i2d.ADB(013D5BA3,013D5BA3,016ABD24,013D5BA3,?,?), ref: 015318AD
                                                                                                                                • OPENSSL_malloc.ADB(00000000), ref: 013D5B38
                                                                                                                                • ASN1_item_i2d.ADB(?,?,?), ref: 013D5B54
                                                                                                                                • i2d_X509_CERT_AUX.ADB(?), ref: 013D5B6C
                                                                                                                                • ASN1_item_i2d.ADB(?,?,?), ref: 013D5B88
                                                                                                                                • i2d_X509_CERT_AUX.ADB(?,?), ref: 013D5B9E
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013D5BCD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N1_item_i2d$X509_i2d_$L_freeL_malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2447543164-0
                                                                                                                                • Opcode ID: 4352f1843952bfc7843bfe2a36685b8d0a43cb834bac3dee83304f0f803e6d88
                                                                                                                                • Instruction ID: 9a0fda2193afadb9d13fac1b8ece0e85067eb272aa456834b75e557bcb17bbda
                                                                                                                                • Opcode Fuzzy Hash: 4352f1843952bfc7843bfe2a36685b8d0a43cb834bac3dee83304f0f803e6d88
                                                                                                                                • Instruction Fuzzy Hash: 0421D6B3D017261BE7325E29BC41B277AEC9FB0298F090164ED55DB341F6A1DC004BD5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-224), ref: 013FB94B
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-256), ref: 013FB95D
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-384), ref: 013FB96F
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-521), ref: 013FB981
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: strcmp
                                                                                                                                • String ID: P-224$P-256$P-384$P-521
                                                                                                                                • API String ID: 1004003707-2589044153
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E4816
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E4821
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E4873
                                                                                                                                • OPENSSL_realloc.ADB(?), ref: 013E48CC
                                                                                                                                • BN_num_bits.ADB(?), ref: 013E48F4
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?), ref: 013E4999
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_getmemcpy$L_reallocN_num_bits
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1741109858-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000143,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94BF
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000085,external/boringssl/src/crypto/fipsmodule/ec/scalar.c,0000001C,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94D7
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F95B4
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F95CB
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/scalar.c, xrefs: 013F94C9
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013F94B4, 013F9597
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$memcpymemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/ec/scalar.c
                                                                                                                                • API String ID: 809555723-3652571076
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000073,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,000000BC), ref: 013F2A9B
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000067,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,000000D3), ref: 013F2B0F
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F2B25
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000068,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,000000F0), ref: 013F2BA7
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F2BBF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$memset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/aead.c
                                                                                                                                • API String ID: 3389987327-2050848870
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 44%
                                                                                                                                			E7098472C(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				signed int _t51;
                                                                                                                                				signed int _t55;
                                                                                                                                				signed int _t58;
                                                                                                                                				void _t60;
                                                                                                                                				void* _t65;
                                                                                                                                				long _t71;
                                                                                                                                				signed int _t72;
                                                                                                                                				signed int _t73;
                                                                                                                                				signed char _t81;
                                                                                                                                				long _t82;
                                                                                                                                				signed int _t83;
                                                                                                                                				intOrPtr _t88;
                                                                                                                                				long _t96;
                                                                                                                                				signed int _t102;
                                                                                                                                				signed int _t104;
                                                                                                                                				signed int _t107;
                                                                                                                                				void* _t108;
                                                                                                                                
                                                                                                                                				_t83 = __ecx;
                                                                                                                                				_push(0x1c);
                                                                                                                                				E70988000(E70992D4F, __ebx, __edi, __esi);
                                                                                                                                				_t102 = __ecx;
                                                                                                                                				_t51 =  *(_t108 + 0x14);
                                                                                                                                				_t107 = 0;
                                                                                                                                				if(_t51 != 0) {
                                                                                                                                					 *_t51 = 0;
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t102 + 4)) != _t107) {
                                                                                                                                					__eflags =  *(_t108 + 0x1c) - _t107;
                                                                                                                                					_t81 =  *(_t108 + 8);
                                                                                                                                					__eflags = _t81;
                                                                                                                                					_push(0x34);
                                                                                                                                					 *(_t108 - 0x14) = (_t83 & 0xffffff00 | _t81 != 0x00000000) - 0x00000001 & (_t51 & 0xffffff00 |  *(_t108 + 0x1c) != _t107);
                                                                                                                                					 *(_t108 - 4) = _t107;
                                                                                                                                					_t88 = L70986D9E();
                                                                                                                                					 *((intOrPtr*)(_t108 - 0x18)) = _t88;
                                                                                                                                					 *(_t108 - 4) = 1;
                                                                                                                                					__eflags = _t88 - _t107;
                                                                                                                                					if(__eflags != 0) {
                                                                                                                                						_t107 = E70985C5F(_t88, __eflags, _t102,  *(_t108 + 0x10),  *(_t108 + 0x18),  *(_t108 - 0x14));
                                                                                                                                					}
                                                                                                                                					 *(_t108 - 4) =  *(_t108 - 4) | 0xffffffff;
                                                                                                                                					_t55 =  *((intOrPtr*)( *_t107 + 0xc))();
                                                                                                                                					 *(_t108 + 0x18) = _t55;
                                                                                                                                					 *(_t108 + 8) = 0;
                                                                                                                                					__eflags = _t55;
                                                                                                                                					if(_t55 != 0) {
                                                                                                                                						_t60 =  *(_t108 + 0x1c);
                                                                                                                                						__eflags = _t60;
                                                                                                                                						if(_t60 != 0) {
                                                                                                                                							 *(_t108 - 0x28) = _t60;
                                                                                                                                							asm("sbb eax, eax");
                                                                                                                                							 *(_t108 - 0x20) = 0;
                                                                                                                                							 *((intOrPtr*)(_t108 - 0x1c)) = 0;
                                                                                                                                							asm("sbb ecx, ecx");
                                                                                                                                							 *(_t108 - 0x24) =  !( ~(_t81 & 0x000000ff)) &  *(_t108 + 0x10);
                                                                                                                                							_t65 =  *(_t108 + 0xc);
                                                                                                                                							 *(_t108 - 0x20) =  !( ~(_t81 & 0x000000ff)) & _t65;
                                                                                                                                							__eflags = _t81;
                                                                                                                                							if(_t81 == 0) {
                                                                                                                                								_t96 = 4;
                                                                                                                                							} else {
                                                                                                                                								_t96 =  *(_t108 + 0x10);
                                                                                                                                							}
                                                                                                                                							__eflags = _t81;
                                                                                                                                							if(_t81 == 0) {
                                                                                                                                								_t35 = _t107 + 0x2c; // 0x2c
                                                                                                                                								_t65 = _t35;
                                                                                                                                							}
                                                                                                                                							_t37 = _t107 + 0x10; // 0x10
                                                                                                                                							__eflags = _t81;
                                                                                                                                							_t71 = ((0 | _t81 == 0x00000000) - 0x00000001 & 0xffffbffe) + 0x22803c;
                                                                                                                                							__eflags = _t71;
                                                                                                                                							_t72 = DeviceIoControl( *(_t102 + 0x18), _t71, _t108 - 0x28, 0x10, _t65, _t96, _t108 + 8, _t37);
                                                                                                                                						} else {
                                                                                                                                							_t23 = _t107 + 0x10; // 0x10
                                                                                                                                							_push(_t108 + 8);
                                                                                                                                							_push( *(_t108 + 0x10));
                                                                                                                                							_push( *(_t108 + 0xc));
                                                                                                                                							_push( *(_t102 + 0x18));
                                                                                                                                							__eflags = _t81;
                                                                                                                                							if(_t81 == 0) {
                                                                                                                                								_t72 = WriteFile();
                                                                                                                                							} else {
                                                                                                                                								_t72 = ReadFile();
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_t104 = _t72;
                                                                                                                                						_t73 =  *(_t108 + 0x14);
                                                                                                                                						__eflags = _t73;
                                                                                                                                						if(_t73 != 0) {
                                                                                                                                							 *_t73 =  *(_t108 + 8);
                                                                                                                                						}
                                                                                                                                						_t82 = GetLastError();
                                                                                                                                						__eflags = _t104;
                                                                                                                                						if(_t104 == 0) {
                                                                                                                                							__eflags = _t82 - 0x3e5;
                                                                                                                                							if(_t82 != 0x3e5) {
                                                                                                                                								 *((intOrPtr*)( *_t107 + 0x10))();
                                                                                                                                								_t45 = _t108 + 0x18;
                                                                                                                                								 *_t45 =  *(_t108 + 0x18) & _t104;
                                                                                                                                								__eflags =  *_t45;
                                                                                                                                								SetLastError(_t82);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *((intOrPtr*)( *_t107 + 8))();
                                                                                                                                					_t58 =  *(_t108 + 0x18);
                                                                                                                                				} else {
                                                                                                                                					SetLastError(6);
                                                                                                                                					_t58 = 0;
                                                                                                                                				}
                                                                                                                                				return E709880B4(_t58);
                                                                                                                                			}





















                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 70984733
                                                                                                                                • SetLastError.KERNEL32(00000006,0000001C), ref: 7098474C
                                                                                                                                  • Part of subcall function 70986E08: _malloc.LIBCMT ref: 70986DB8
                                                                                                                                • ReadFile.KERNEL32(?,?,?,?,00000010), ref: 709847D2
                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000010), ref: 709847DA
                                                                                                                                • GetLastError.KERNEL32 ref: 70984859
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 70984878
                                                                                                                                  • Part of subcall function 70985C5F: ??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z.ADBWINAPI(?,?,?), ref: 70985C70
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$File$Completion@@EndpointH_prolog3_catchObject@@ReadWrite_malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2294915983-0
                                                                                                                                • Opcode ID: 23ed0019fd72ec8aeef5b7dc8076cea27ab77673b132a3b527d5c65facadfdc6
                                                                                                                                • Instruction ID: f5852934787c38523a41b5fc18f47ea2bdc8001720f0adee902647dc21d21359
                                                                                                                                • Opcode Fuzzy Hash: 23ed0019fd72ec8aeef5b7dc8076cea27ab77673b132a3b527d5c65facadfdc6
                                                                                                                                • Instruction Fuzzy Hash: 7B41AC72640246DFCB09CF68C851AAE7BF8BF09750B144129F956DB3D0C774D9509BA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 75%
                                                                                                                                			E709855FF(void* __ecx, char* __edx, void* __edi, void* __esi, char* _a4, int* _a8, intOrPtr _a12) {
                                                                                                                                				signed int _v8;
                                                                                                                                				short _v1032;
                                                                                                                                				int* _v1036;
                                                                                                                                				long _v1040;
                                                                                                                                				char* _v1044;
                                                                                                                                				void* __ebx;
                                                                                                                                				signed int _t21;
                                                                                                                                				WCHAR* _t24;
                                                                                                                                				intOrPtr* _t31;
                                                                                                                                				int _t35;
                                                                                                                                				signed int _t36;
                                                                                                                                				signed int _t39;
                                                                                                                                				signed short* _t41;
                                                                                                                                				void* _t45;
                                                                                                                                				intOrPtr _t49;
                                                                                                                                				int _t54;
                                                                                                                                				char _t56;
                                                                                                                                				char* _t57;
                                                                                                                                				void* _t58;
                                                                                                                                				void* _t59;
                                                                                                                                				long _t60;
                                                                                                                                				void* _t61;
                                                                                                                                				void* _t62;
                                                                                                                                				signed int _t63;
                                                                                                                                
                                                                                                                                				_t61 = __esi;
                                                                                                                                				_t59 = __edi;
                                                                                                                                				_t57 = __edx;
                                                                                                                                				_t21 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t21 ^ _t63;
                                                                                                                                				_v1044 = _a4;
                                                                                                                                				_v1036 = _a8;
                                                                                                                                				if( *((intOrPtr*)(__ecx + 4)) != 0) {
                                                                                                                                					_t24 =  *(__ecx + 0x38);
                                                                                                                                					if(_t24 == 0) {
                                                                                                                                						_t24 = 0x709812f0;
                                                                                                                                					}
                                                                                                                                					_push(_t61);
                                                                                                                                					_t62 = CreateFileW(_t24, 0x80000000, 3, 0, 3, 0, 0);
                                                                                                                                					if(_t62 != 0xffffffff) {
                                                                                                                                						_push(_t59);
                                                                                                                                						_v1040 = 0;
                                                                                                                                						if(DeviceIoControl(_t62, 0x224040, 0, 0,  &_v1032, 0x400,  &_v1040, 0) == 0) {
                                                                                                                                							_t60 = GetLastError();
                                                                                                                                						} else {
                                                                                                                                							_t60 = 0;
                                                                                                                                						}
                                                                                                                                						CloseHandle(_t62);
                                                                                                                                						if(_t60 == 0) {
                                                                                                                                							_t31 =  &_v1032;
                                                                                                                                							_t58 = _t31 + 2;
                                                                                                                                							do {
                                                                                                                                								_t49 =  *_t31;
                                                                                                                                								_t31 = _t31 + 2;
                                                                                                                                							} while (_t49 != 0);
                                                                                                                                							_t57 = _v1044;
                                                                                                                                							_t35 = (_t31 - _t58 >> 1) + 1;
                                                                                                                                							if(_t57 == 0) {
                                                                                                                                								L20:
                                                                                                                                								 *_v1036 = _t35;
                                                                                                                                								_push(0x7a);
                                                                                                                                								goto L21;
                                                                                                                                							} else {
                                                                                                                                								_t54 =  *_v1036;
                                                                                                                                								if(_t54 < _t35) {
                                                                                                                                									goto L20;
                                                                                                                                								} else {
                                                                                                                                									if(_a12 != 0) {
                                                                                                                                										_t39 = WideCharToMultiByte(0, 0,  &_v1032, _t35, _t57, _t54, 0, 0);
                                                                                                                                										asm("sbb eax, eax");
                                                                                                                                										_t36 =  ~( ~_t39);
                                                                                                                                									} else {
                                                                                                                                										_t41 =  &_v1032;
                                                                                                                                										_t57 = _t57 - _t41;
                                                                                                                                										do {
                                                                                                                                											_t56 =  *_t41 & 0x0000ffff;
                                                                                                                                											_t57[_t41] = _t56;
                                                                                                                                											_t41 =  &(_t41[1]);
                                                                                                                                										} while (_t56 != 0);
                                                                                                                                										_t36 = 1;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							_push(_t60);
                                                                                                                                							L21:
                                                                                                                                							SetLastError();
                                                                                                                                							_t36 = 0;
                                                                                                                                						}
                                                                                                                                						_pop(_t59);
                                                                                                                                					} else {
                                                                                                                                						_t36 = 0;
                                                                                                                                					}
                                                                                                                                					_pop(_t61);
                                                                                                                                				} else {
                                                                                                                                					SetLastError(6);
                                                                                                                                					_t36 = 0;
                                                                                                                                				}
                                                                                                                                				_pop(_t45);
                                                                                                                                				return E70987FB3(_t36, _t45, _v8 ^ _t63, _t57, _t59, _t61);
                                                                                                                                			}




























                                                                                                                                APIs
                                                                                                                                • SetLastError.KERNEL32(00000006), ref: 70985632
                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 70985659
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateErrorFileLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1214770103-0
                                                                                                                                • Opcode ID: 6958ff36cdf5e81a783c246cbdf44d69a0e2b68537f5976852f3e32bc1097b19
                                                                                                                                • Instruction ID: 7310ecc0eb50cdab36191425bd23571ca6472bfc50fb553a7118b6982aac2baa
                                                                                                                                • Opcode Fuzzy Hash: 6958ff36cdf5e81a783c246cbdf44d69a0e2b68537f5976852f3e32bc1097b19
                                                                                                                                • Instruction Fuzzy Hash: D431A2B1610118FFDB119F25CC84EAE73BDEB45344F6040A9E607D73D0EA749E899A26
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 72%
                                                                                                                                			E70433538(void* __ebx, void* __ecx, signed char* __edi, void* __esi, void* __eflags) {
                                                                                                                                				int _t38;
                                                                                                                                				int _t51;
                                                                                                                                				long _t52;
                                                                                                                                				signed char* _t56;
                                                                                                                                				char* _t61;
                                                                                                                                				int _t63;
                                                                                                                                				int _t68;
                                                                                                                                				void* _t77;
                                                                                                                                				int _t81;
                                                                                                                                				void* _t82;
                                                                                                                                
                                                                                                                                				_t75 = __edi;
                                                                                                                                				_push(0x58);
                                                                                                                                				E70434847(E7043C28E, __ebx, __edi, __esi);
                                                                                                                                				_t61 =  *(_t82 + 8);
                                                                                                                                				_t77 = __ecx;
                                                                                                                                				_t63 =  *(_t82 + 0xc);
                                                                                                                                				 *(_t82 - 0x60) = _t63;
                                                                                                                                				if( *((intOrPtr*)(__ecx + 4)) != 0) {
                                                                                                                                					__eflags = _t63;
                                                                                                                                					if(_t63 != 0) {
                                                                                                                                						_t75 = _t82 - 0x54;
                                                                                                                                						 *((intOrPtr*)(_t82 - 0x5c)) = 0x40;
                                                                                                                                						while(1) {
                                                                                                                                							_t38 =  *(_t77 + 0x48);
                                                                                                                                							_push(_t82 - 0x64);
                                                                                                                                							_push( *((intOrPtr*)(_t82 - 0x5c)));
                                                                                                                                							_push(_t75);
                                                                                                                                							_push(0x409);
                                                                                                                                							_push( *(_t77 + 0x20) & 0x000000ff);
                                                                                                                                							_push(3);
                                                                                                                                							_push(_t38);
                                                                                                                                							L7043C124();
                                                                                                                                							__eflags = _t38;
                                                                                                                                							if(_t38 != 0) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							_t52 = GetLastError();
                                                                                                                                							__eflags = _t52 - 0x7a;
                                                                                                                                							if(_t52 == 0x7a) {
                                                                                                                                								 *((intOrPtr*)(_t82 - 0x5c)) =  *((intOrPtr*)(_t82 - 0x5c)) +  *((intOrPtr*)(_t82 - 0x5c));
                                                                                                                                								__eflags = _t75 - _t82 - 0x54;
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									_push(_t75);
                                                                                                                                									E70434B71(_t77, __eflags);
                                                                                                                                								}
                                                                                                                                								_push( *((intOrPtr*)(_t82 - 0x5c)));
                                                                                                                                								 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                                								_t56 = E70434B61();
                                                                                                                                								 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
                                                                                                                                								_t75 = _t56;
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							__eflags = _t75 - _t82 - 0x54;
                                                                                                                                							if(__eflags != 0) {
                                                                                                                                								_push(_t75);
                                                                                                                                								E70434B71(_t77, __eflags);
                                                                                                                                							}
                                                                                                                                							goto L26;
                                                                                                                                						}
                                                                                                                                						_t81 = ( *_t75 & 0x000000ff) >> 1;
                                                                                                                                						__eflags = _t61;
                                                                                                                                						if(_t61 == 0) {
                                                                                                                                							L22:
                                                                                                                                							__eflags = _t75 - _t82 - 0x54;
                                                                                                                                							if(__eflags != 0) {
                                                                                                                                								_push(_t75);
                                                                                                                                								E70434B71(_t81, __eflags);
                                                                                                                                							}
                                                                                                                                							_t81 = _t81 + 1;
                                                                                                                                							__eflags = _t81;
                                                                                                                                							 *( *(_t82 - 0x60)) = _t81;
                                                                                                                                							_push(0x7a);
                                                                                                                                							goto L25;
                                                                                                                                						}
                                                                                                                                						_t68 =  *( *(_t82 - 0x60));
                                                                                                                                						__eflags = _t68 - _t81 + 1;
                                                                                                                                						if(_t68 < _t81 + 1) {
                                                                                                                                							goto L22;
                                                                                                                                						}
                                                                                                                                						 *((char*)(_t82 - 0x55)) = 1;
                                                                                                                                						__eflags =  *(_t82 + 0x10);
                                                                                                                                						if( *(_t82 + 0x10) == 0) {
                                                                                                                                							E70434B90(_t61, _t75, _t81, _t61,  &(_t75[2]),  *((intOrPtr*)(_t82 - 0x64)));
                                                                                                                                							__eflags = 0;
                                                                                                                                							 *((short*)(_t61 + _t81 * 2)) = 0;
                                                                                                                                						} else {
                                                                                                                                							_t51 = WideCharToMultiByte(0, 0,  &(_t75[2]), _t81, _t61, _t68, 0, 0);
                                                                                                                                							__eflags = _t51;
                                                                                                                                							if(_t51 == 0) {
                                                                                                                                								 *((char*)(_t82 - 0x55)) = 0;
                                                                                                                                							} else {
                                                                                                                                								_t61[_t81] = 0;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						__eflags = _t75 - _t82 - 0x54;
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							_push(_t75);
                                                                                                                                							E70434B71(_t81, __eflags);
                                                                                                                                						}
                                                                                                                                						goto L27;
                                                                                                                                					}
                                                                                                                                					_push(0x57);
                                                                                                                                					goto L25;
                                                                                                                                				} else {
                                                                                                                                					_push(6);
                                                                                                                                					L25:
                                                                                                                                					SetLastError();
                                                                                                                                					L26:
                                                                                                                                					L27:
                                                                                                                                					return E7043489E(_t61, _t75, _t81);
                                                                                                                                				}
                                                                                                                                			}














                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 7043353F
                                                                                                                                • SetLastError.KERNEL32(0000007A,?,00000003,?,00000409,?,00000040,?), ref: 70433670
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorH_prolog3_catch_Last
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 3767293031-2766056989
                                                                                                                                • Opcode ID: 1c19d9ca48355d3902b618dd83c856f680ad6506804016735409958c2a448185
                                                                                                                                • Instruction ID: cc77e0cb99eb7bfe12e0288c1098d5dfc7d0e38d96dde274fdb728a375b3a3b9
                                                                                                                                • Opcode Fuzzy Hash: 1c19d9ca48355d3902b618dd83c856f680ad6506804016735409958c2a448185
                                                                                                                                • Instruction Fuzzy Hash: BB41B431900245BEDB158BA4CC86FAEF7B9AF49345F90601DE446BB384EB78AD05CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E7043614D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				void* _t19;
                                                                                                                                				intOrPtr _t22;
                                                                                                                                				intOrPtr _t23;
                                                                                                                                				intOrPtr _t24;
                                                                                                                                				intOrPtr _t25;
                                                                                                                                				intOrPtr _t26;
                                                                                                                                				intOrPtr _t27;
                                                                                                                                				intOrPtr _t28;
                                                                                                                                				intOrPtr _t29;
                                                                                                                                				intOrPtr _t30;
                                                                                                                                				void* _t50;
                                                                                                                                				void* _t51;
                                                                                                                                				void* _t56;
                                                                                                                                				LONG* _t58;
                                                                                                                                				intOrPtr* _t59;
                                                                                                                                				intOrPtr _t61;
                                                                                                                                				void* _t62;
                                                                                                                                				void* _t79;
                                                                                                                                
                                                                                                                                				_t57 = __edi;
                                                                                                                                				_t49 = __ebx;
                                                                                                                                				_push(8);
                                                                                                                                				_push(0x7043c768);
                                                                                                                                				_t19 = E70434970(__ebx, __edi, __esi);
                                                                                                                                				_t61 =  *((intOrPtr*)(_t62 + 8));
                                                                                                                                				if(_t61 != 0) {
                                                                                                                                					_t22 =  *((intOrPtr*)(_t61 + 0x28));
                                                                                                                                					_t66 = _t22;
                                                                                                                                					if(_t22 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t66);
                                                                                                                                						_t50 = _t22;
                                                                                                                                					}
                                                                                                                                					_t23 =  *((intOrPtr*)(_t61 + 0x2c));
                                                                                                                                					_t67 = _t23;
                                                                                                                                					if(_t23 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t67);
                                                                                                                                						_t50 = _t23;
                                                                                                                                					}
                                                                                                                                					_t24 =  *((intOrPtr*)(_t61 + 0x30));
                                                                                                                                					_t68 = _t24;
                                                                                                                                					if(_t24 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t68);
                                                                                                                                						_t50 = _t24;
                                                                                                                                					}
                                                                                                                                					_t25 =  *((intOrPtr*)(_t61 + 0x34));
                                                                                                                                					_t69 = _t25;
                                                                                                                                					if(_t25 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t69);
                                                                                                                                						_t50 = _t25;
                                                                                                                                					}
                                                                                                                                					_t26 =  *((intOrPtr*)(_t61 + 0x3c));
                                                                                                                                					_t70 = _t26;
                                                                                                                                					if(_t26 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t70);
                                                                                                                                						_t50 = _t26;
                                                                                                                                					}
                                                                                                                                					_t27 =  *((intOrPtr*)(_t61 + 0x40));
                                                                                                                                					_t71 = _t27;
                                                                                                                                					if(_t27 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t71);
                                                                                                                                						_t50 = _t27;
                                                                                                                                					}
                                                                                                                                					_t28 =  *((intOrPtr*)(_t61 + 0x44));
                                                                                                                                					_t72 = _t28;
                                                                                                                                					if(_t28 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t72);
                                                                                                                                						_t50 = _t28;
                                                                                                                                					}
                                                                                                                                					_t29 =  *((intOrPtr*)(_t61 + 0x48));
                                                                                                                                					_t73 = _t29;
                                                                                                                                					if(_t29 != 0) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t73);
                                                                                                                                						_t50 = _t29;
                                                                                                                                					}
                                                                                                                                					_t30 =  *((intOrPtr*)(_t61 + 0x5c));
                                                                                                                                					_t74 = _t30 - 0x7043e068;
                                                                                                                                					if(_t30 != 0x7043e068) {
                                                                                                                                						E70435202(_t49, _t57, _t61, _t74);
                                                                                                                                						_t50 = _t30;
                                                                                                                                					}
                                                                                                                                					E7043857A(_t49, _t50, _t56, _t57, 0xd);
                                                                                                                                					_pop(_t51);
                                                                                                                                					 *(_t62 - 4) =  *(_t62 - 4) & 0x00000000;
                                                                                                                                					_t58 =  *(_t61 + 0x68);
                                                                                                                                					if(_t58 != 0 && InterlockedDecrement(_t58) == 0) {
                                                                                                                                						_t77 = _t58 - 0x7043e5c0;
                                                                                                                                						if(_t58 != 0x7043e5c0) {
                                                                                                                                							E70435202(_t49, _t58, _t61, _t77);
                                                                                                                                							_t51 = _t58;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *(_t62 - 4) = 0xfffffffe;
                                                                                                                                					E70436283();
                                                                                                                                					E7043857A(_t49, _t51, _t56, _t58, 0xc);
                                                                                                                                					 *(_t62 - 4) = 1;
                                                                                                                                					_t59 =  *((intOrPtr*)(_t61 + 0x6c));
                                                                                                                                					if(_t59 != 0) {
                                                                                                                                						E704399CF(_t59);
                                                                                                                                						_t79 = _t59 -  *0x7043e5b0; // 0x7043e4d8
                                                                                                                                						if(_t79 != 0 && _t59 != 0x7043e4d8) {
                                                                                                                                							_t81 =  *_t59;
                                                                                                                                							if( *_t59 == 0) {
                                                                                                                                								E704397ED(_t59);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *(_t62 - 4) = 0xfffffffe;
                                                                                                                                					E7043628F();
                                                                                                                                					_push(_t61);
                                                                                                                                					_t19 = E70435202(_t49, _t59, _t61, _t81);
                                                                                                                                				}
                                                                                                                                				return E704349B5(_t19);
                                                                                                                                			}

                                                                                                                                APIs
                                                                                                                                • __lock.LIBCMT ref: 704361F5
                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 70436207
                                                                                                                                • __lock.LIBCMT ref: 7043622E
                                                                                                                                • ___removelocaleref.LIBCMT ref: 70436243
                                                                                                                                • ___freetlocinfo.LIBCMT ref: 7043625F
                                                                                                                                  • Part of subcall function 70435202: __lock.LIBCMT ref: 70435220
                                                                                                                                  • Part of subcall function 70435202: ___sbh_find_block.LIBCMT ref: 7043522B
                                                                                                                                  • Part of subcall function 70435202: ___sbh_free_block.LIBCMT ref: 7043523A
                                                                                                                                  • Part of subcall function 70435202: HeapFree.KERNEL32(00000000,70433EBE,7043C6C8,0000000C,70438556,00000000,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004,7043C6E8,0000000C), ref: 7043526A
                                                                                                                                  • Part of subcall function 70435202: GetLastError.KERNEL32(?,70435316,00000004,7043C6E8,0000000C,7043A2D0,70433EBE,?,00000000,00000000,00000000,?,704360E4,00000001,00000214), ref: 7043527B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __lock$DecrementErrorFreeHeapInterlockedLast___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block
                                                                                                                                • String ID: hCp
                                                                                                                                • API String ID: 3046847140-4230423279
                                                                                                                                • Opcode ID: 4a6cb00763592f0f1918f2ec268064110eef7920d5b6e3fec0a5d6ee319d4520
                                                                                                                                • Instruction ID: 5883284bcad0306bf3397bc6d894a5f64d0d88c2028330638a44e699f6ec345f
                                                                                                                                • Opcode Fuzzy Hash: 4a6cb00763592f0f1918f2ec268064110eef7920d5b6e3fec0a5d6ee319d4520
                                                                                                                                • Instruction Fuzzy Hash: 14316F72601302AEDA105A79E942F1FF7F86F4C618FA2A54DF456F7284DE6CF8408A24
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140B049
                                                                                                                                • OPENSSL_malloc.ADB(-00000007), ref: 0140B05A
                                                                                                                                • RSA_padding_add_PKCS1_PSS_mgf1.ADB(?,00000000,?,?,?,?), ref: 0140B077
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000007D,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,0000022A), ref: 0140B0B4
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140B0DC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_padding_add_L_freeL_mallocN_num_bitsR_put_errorS_mgf1
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 3934664825-3754478375
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F2E02
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000088), ref: 013F2E11
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F2E29
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000000,?), ref: 013F2E46
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,0000006C,external/boringssl/src/crypto/fipsmodule/cipher/cipher.c,00000065), ref: 013F2E80
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/cipher.c, xrefs: 013F2E75, 013F2E98
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$L_freeL_mallocR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/cipher.c
                                                                                                                                • API String ID: 4159709324-705831790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E0A00
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013E0A6C
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E0AB9
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E0AAE
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormallocmemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 3537532488-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F75ED
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013F75FD
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 013F7649
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 013F766C
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F7679
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 013F7661
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_cleanseL_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 3312742639-820803757
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E0123
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E019F
                                                                                                                                  • Part of subcall function 013DF4E0: ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E017A
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E01B6
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E01CE
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E0194
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$L_mallocmallocmemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 28858965-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E3075
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E3107
                                                                                                                                  • Part of subcall function 013E3120: OPENSSL_realloc.ADB(00000000,?), ref: 013E316A
                                                                                                                                  • Part of subcall function 013E3120: BN_CTX_get.ADB(?), ref: 013E31AB
                                                                                                                                  • Part of subcall function 013E3120: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E320F
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013E30DC
                                                                                                                                  • Part of subcall function 01424610: OPENSSL_free.ADB(?,?,?,?,?,013E158A,?,014125E0,?), ref: 0142464D
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E30E7
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E30F0
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E30FC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_mallocL_reallocR_put_errorX_getmallocmemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 1569393809-589256770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E3A75
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E3B07
                                                                                                                                  • Part of subcall function 013E3600: OPENSSL_realloc.ADB(00000000,?), ref: 013E364A
                                                                                                                                  • Part of subcall function 013E3600: BN_CTX_get.ADB(?), ref: 013E368B
                                                                                                                                  • Part of subcall function 013E3600: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E36EF
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013E3ADC
                                                                                                                                  • Part of subcall function 01424610: OPENSSL_free.ADB(?,?,?,?,?,013E158A,?,014125E0,?), ref: 0142464D
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E3AE7
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E3AF0
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E3AFC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_mallocL_reallocR_put_errorX_getmallocmemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 1569393809-589256770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,00000000,?), ref: 013FD1AB
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000072,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000010A,00000000,00000000,?,013FD0DD,00000000,?), ref: 013FD1D8
                                                                                                                                • EC_GROUP_free.ADB(?,00000000,00000000,?,013FD0DD,00000000,?), ref: 013FD1ED
                                                                                                                                • OPENSSL_free.ADB(?,?), ref: 013FD1F6
                                                                                                                                • EC_POINT_dup.ADB(00000000,?,00000000,00000000,?,013FD0DD,00000000,?), ref: 013FD201
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeP_cmpP_freeR_put_errorT_dup
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 1965328866-3769350328
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E41E4
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E4272
                                                                                                                                  • Part of subcall function 013E3120: OPENSSL_realloc.ADB(00000000,?), ref: 013E316A
                                                                                                                                  • Part of subcall function 013E3120: BN_CTX_get.ADB(?), ref: 013E31AB
                                                                                                                                  • Part of subcall function 013E3120: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E320F
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013E4247
                                                                                                                                  • Part of subcall function 01424610: OPENSSL_free.ADB(?,?,?,?,?,013E158A,?,014125E0,?), ref: 0142464D
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E4252
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E425B
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E4267
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_mallocL_reallocR_put_errorX_getmallocmemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 1569393809-589256770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?,?), ref: 013FABB2
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002CA), ref: 013FABCE
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000000,00000044), ref: 013FABED
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FABFF
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FAC17
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FABC3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 900039384-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E7098C1D0(void* __ecx, void* __edx, void* __eflags, int _a4, signed int _a8) {
                                                                                                                                				signed int _v8;
                                                                                                                                				char _v21;
                                                                                                                                				char _v22;
                                                                                                                                				struct _cpinfo _v28;
                                                                                                                                				signed int _v32;
                                                                                                                                				signed int _v36;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				signed int _t53;
                                                                                                                                				void* _t56;
                                                                                                                                				signed char _t59;
                                                                                                                                				signed int _t61;
                                                                                                                                				short* _t62;
                                                                                                                                				signed int _t67;
                                                                                                                                				signed int _t71;
                                                                                                                                				signed char* _t79;
                                                                                                                                				signed int _t82;
                                                                                                                                				signed int _t83;
                                                                                                                                				signed int _t86;
                                                                                                                                				intOrPtr* _t87;
                                                                                                                                				signed int _t93;
                                                                                                                                				signed char _t94;
                                                                                                                                				signed int _t95;
                                                                                                                                				signed int _t97;
                                                                                                                                				int _t99;
                                                                                                                                				signed int _t100;
                                                                                                                                				signed int _t103;
                                                                                                                                				intOrPtr* _t107;
                                                                                                                                				signed int _t109;
                                                                                                                                
                                                                                                                                				_t53 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v8 = _t53 ^ _t109;
                                                                                                                                				_t83 = _a8;
                                                                                                                                				_t99 = E7098C14F(_a4);
                                                                                                                                				_t102 = 0;
                                                                                                                                				_a4 = _t99;
                                                                                                                                				_t114 = _t99;
                                                                                                                                				if(_t99 != 0) {
                                                                                                                                					_v32 = 0;
                                                                                                                                					_t56 = 0;
                                                                                                                                					__eflags = 0;
                                                                                                                                					while(1) {
                                                                                                                                						__eflags =  *((intOrPtr*)(_t56 + 0x709965f0)) - _t99;
                                                                                                                                						if( *((intOrPtr*)(_t56 + 0x709965f0)) == _t99) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						_v32 = _v32 + 1;
                                                                                                                                						_t56 = _t56 + 0x30;
                                                                                                                                						__eflags = _t56 - 0xf0;
                                                                                                                                						if(_t56 < 0xf0) {
                                                                                                                                							continue;
                                                                                                                                						} else {
                                                                                                                                							_t71 = GetCPInfo(_t99,  &_v28);
                                                                                                                                							__eflags = _t71;
                                                                                                                                							if(_t71 == 0) {
                                                                                                                                								__eflags =  *0x709976ec - _t102; // 0x0
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									goto L1;
                                                                                                                                								} else {
                                                                                                                                									_t65 = _t71 | 0xffffffff;
                                                                                                                                									__eflags = _t71 | 0xffffffff;
                                                                                                                                								}
                                                                                                                                							} else {
                                                                                                                                								_t10 = _t83 + 0x1c; // 0x11b
                                                                                                                                								E70989080(_t99, _t10, _t102, 0x101);
                                                                                                                                								_t97 = 1;
                                                                                                                                								 *(_t83 + 4) = _t99;
                                                                                                                                								 *(_t83 + 0xc) = _t102;
                                                                                                                                								__eflags = _v28 - 1;
                                                                                                                                								if(_v28 <= 1) {
                                                                                                                                									 *(_t83 + 8) = _t102;
                                                                                                                                								} else {
                                                                                                                                									__eflags = _v22;
                                                                                                                                									if(_v22 != 0) {
                                                                                                                                										_t107 =  &_v21;
                                                                                                                                										while(1) {
                                                                                                                                											_t94 =  *_t107;
                                                                                                                                											__eflags = _t94;
                                                                                                                                											if(_t94 == 0) {
                                                                                                                                												goto L26;
                                                                                                                                											}
                                                                                                                                											_t82 =  *(_t107 - 1) & 0x000000ff;
                                                                                                                                											_t95 = _t94 & 0x000000ff;
                                                                                                                                											while(1) {
                                                                                                                                												__eflags = _t82 - _t95;
                                                                                                                                												if(_t82 > _t95) {
                                                                                                                                													break;
                                                                                                                                												}
                                                                                                                                												 *(_t83 + _t82 + 0x1d) =  *(_t83 + _t82 + 0x1d) | 0x00000004;
                                                                                                                                												_t82 = _t82 + 1;
                                                                                                                                												__eflags = _t82;
                                                                                                                                											}
                                                                                                                                											_t107 = _t107 + 2;
                                                                                                                                											__eflags =  *(_t107 - 1);
                                                                                                                                											if( *(_t107 - 1) != 0) {
                                                                                                                                												continue;
                                                                                                                                											}
                                                                                                                                											goto L26;
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									L26:
                                                                                                                                									_t46 = _t83 + 0x1e; // 0x11d
                                                                                                                                									_t79 = _t46;
                                                                                                                                									_t93 = 0xfe;
                                                                                                                                									do {
                                                                                                                                										 *_t79 =  *_t79 | 0x00000008;
                                                                                                                                										_t79 =  &(_t79[1]);
                                                                                                                                										_t93 = _t93 - 1;
                                                                                                                                										__eflags = _t93;
                                                                                                                                									} while (_t93 != 0);
                                                                                                                                									 *(_t83 + 0xc) = E7098BE6A( *(_t83 + 4));
                                                                                                                                									 *(_t83 + 8) = _t97;
                                                                                                                                								}
                                                                                                                                								_t51 = _t83 + 0x10; // 0x10f
                                                                                                                                								_t99 = _t51;
                                                                                                                                								asm("stosd");
                                                                                                                                								asm("stosd");
                                                                                                                                								asm("stosd");
                                                                                                                                								L22:
                                                                                                                                								_t102 = _t83;
                                                                                                                                								E7098BF07(_t83);
                                                                                                                                								goto L2;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						goto L33;
                                                                                                                                					}
                                                                                                                                					_t17 = _t83 + 0x1c; // 0x11b
                                                                                                                                					E70989080(_t99, _t17, _t102, 0x101);
                                                                                                                                					_t86 = _v32 * 0x30;
                                                                                                                                					_v36 = _t102;
                                                                                                                                					_t20 = _t86 + 0x70996600; // 0x70996614
                                                                                                                                					_t103 = _t20;
                                                                                                                                					_v32 = _t103;
                                                                                                                                					while(1) {
                                                                                                                                						L18:
                                                                                                                                						__eflags =  *_t103;
                                                                                                                                						if( *_t103 == 0) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						_t22 = _t103 + 1; // 0x40000000
                                                                                                                                						_t59 =  *_t22;
                                                                                                                                						__eflags = _t59;
                                                                                                                                						if(_t59 != 0) {
                                                                                                                                							_t100 =  *_t103 & 0x000000ff;
                                                                                                                                							_t67 = _t59 & 0x000000ff;
                                                                                                                                							while(1) {
                                                                                                                                								__eflags = _t100 - _t67;
                                                                                                                                								if(_t100 > _t67) {
                                                                                                                                									break;
                                                                                                                                								}
                                                                                                                                								 *(_t83 + _t100 + 0x1d) =  *(_t83 + _t100 + 0x1d) |  *(_v36 + 0x709965ec);
                                                                                                                                								_t29 = _t103 + 1; // 0x40000000
                                                                                                                                								_t67 =  *_t29 & 0x000000ff;
                                                                                                                                								_t100 = _t100 + 1;
                                                                                                                                								__eflags = _t100;
                                                                                                                                							}
                                                                                                                                							_t99 = _a4;
                                                                                                                                							_t103 = _t103 + 2;
                                                                                                                                							__eflags = _t103;
                                                                                                                                							continue;
                                                                                                                                						}
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					_v36 = _v36 + 1;
                                                                                                                                					_t103 = _v32 + 8;
                                                                                                                                					__eflags = _v36 - 4;
                                                                                                                                					_v32 = _t103;
                                                                                                                                					if(_v36 < 4) {
                                                                                                                                						goto L18;
                                                                                                                                					}
                                                                                                                                					 *(_t83 + 4) = _t99;
                                                                                                                                					 *(_t83 + 8) = 1;
                                                                                                                                					_t61 = E7098BE6A(_t99);
                                                                                                                                					 *(_t83 + 0xc) = _t61;
                                                                                                                                					_t39 = _t83 + 0x10; // 0x10f
                                                                                                                                					_t62 = _t39;
                                                                                                                                					_t87 = _t86 + 0x709965f4;
                                                                                                                                					_t97 = 6;
                                                                                                                                					do {
                                                                                                                                						 *_t62 =  *_t87;
                                                                                                                                						_t87 = _t87 + 2;
                                                                                                                                						_t62 = _t62 + 2;
                                                                                                                                						_t97 = _t97 - 1;
                                                                                                                                						__eflags = _t97;
                                                                                                                                					} while (_t97 != 0);
                                                                                                                                					goto L22;
                                                                                                                                				} else {
                                                                                                                                					L1:
                                                                                                                                					E7098BE9E(_t83, _t114);
                                                                                                                                					L2:
                                                                                                                                					_t65 = 0;
                                                                                                                                				}
                                                                                                                                				L33:
                                                                                                                                				return E70987FB3(_t65, _t83, _v8 ^ _t109, _t97, _t99, _t102);
                                                                                                                                			}


































                                                                                                                                APIs
                                                                                                                                • getSystemCP.LIBCMT ref: 7098C1EB
                                                                                                                                  • Part of subcall function 7098C14F: GetOEMCP.KERNEL32(00000000,?,7098A8CD), ref: 7098C178
                                                                                                                                • setSBCS.LIBCMT ref: 7098C1FD
                                                                                                                                  • Part of subcall function 7098BE9E: _memset.LIBCMT ref: 7098BEB0
                                                                                                                                • GetCPInfo.KERNEL32(00000000,7098C53B,00000000,?,00000000,70993B60), ref: 7098C228
                                                                                                                                • _memset.LIBCMT ref: 7098C240
                                                                                                                                • setSBUpLow.LIBCMT ref: 7098C313
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _memset$InfoSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4021631808-0
                                                                                                                                • Opcode ID: ad3b078c2a63dc017c4d8bb633c39f048505ed46f27464d2d0f9809f9ccfa064
                                                                                                                                • Instruction ID: de9c25db1b4bcce38901b1035366fcfd2556af258d1f4e55debf66e6cc79c899
                                                                                                                                • Opcode Fuzzy Hash: ad3b078c2a63dc017c4d8bb633c39f048505ed46f27464d2d0f9809f9ccfa064
                                                                                                                                • Instruction Fuzzy Hash: 0951D6B1D043559FDB06CF65C8816AEBBB8EF45304F14806BE892DB3C6D638D946CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 24%
                                                                                                                                			E709848A0(void* __ecx, signed char _a4, signed char _a7, long _a8, long _a12, signed int _a16, signed int _a20) {
                                                                                                                                				signed int _v8;
                                                                                                                                				signed int _v12;
                                                                                                                                				signed int _v16;
                                                                                                                                				void _v20;
                                                                                                                                				struct _OVERLAPPED _v40;
                                                                                                                                				signed int _t42;
                                                                                                                                				signed int _t51;
                                                                                                                                				signed int _t54;
                                                                                                                                				signed int _t55;
                                                                                                                                				long _t56;
                                                                                                                                				signed int _t58;
                                                                                                                                				signed char _t61;
                                                                                                                                				signed char _t66;
                                                                                                                                				signed int _t67;
                                                                                                                                				signed int _t69;
                                                                                                                                				void* _t74;
                                                                                                                                				long _t80;
                                                                                                                                				signed int _t81;
                                                                                                                                				long _t84;
                                                                                                                                				void* _t87;
                                                                                                                                
                                                                                                                                				_t42 = _a16;
                                                                                                                                				_t87 = __ecx;
                                                                                                                                				if(_t42 != 0) {
                                                                                                                                					 *_t42 =  *_t42 & 0x00000000;
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t87 + 4)) != 0) {
                                                                                                                                					_t69 = _a20;
                                                                                                                                					_t66 = _a4;
                                                                                                                                					__eflags = _t69;
                                                                                                                                					_push(_t58);
                                                                                                                                					__eflags = _t66;
                                                                                                                                					_t61 = (_t58 & 0xffffff00 | _t66 != 0x00000000) - 0x00000001 & (_t42 & 0xffffff00 | _t69 != 0x00000000);
                                                                                                                                					asm("stosd");
                                                                                                                                					asm("stosd");
                                                                                                                                					asm("stosd");
                                                                                                                                					asm("stosd");
                                                                                                                                					asm("stosd");
                                                                                                                                					_a7 = _t61;
                                                                                                                                					_a20 = 0;
                                                                                                                                					__eflags = _t69;
                                                                                                                                					if(_t69 != 0) {
                                                                                                                                						_t84 = _a12;
                                                                                                                                						_v20 = _t69;
                                                                                                                                						asm("sbb edx, edx");
                                                                                                                                						_v12 = 0;
                                                                                                                                						_v8 = 0;
                                                                                                                                						asm("sbb eax, eax");
                                                                                                                                						_v16 =  !( ~(_t66 & 0x000000ff)) & _t84;
                                                                                                                                						_t74 = _a8;
                                                                                                                                						_v12 =  !( ~(_t66 & 0x000000ff)) & _t74;
                                                                                                                                						__eflags = _t66;
                                                                                                                                						if(_t66 == 0) {
                                                                                                                                							_t84 = 4;
                                                                                                                                							_t74 =  &_a20;
                                                                                                                                						}
                                                                                                                                						__eflags = _t66;
                                                                                                                                						_t80 = ((0 | _t66 == 0x00000000) - 0x00000001 & 0xffffbffe) + 0x22803c;
                                                                                                                                						__eflags = _t80;
                                                                                                                                						_t51 = DeviceIoControl( *(_t87 + 0x18), _t80,  &_v20, 0x10, _t74, _t84,  &_a8,  &_v40);
                                                                                                                                						_t61 = _a7;
                                                                                                                                					} else {
                                                                                                                                						__eflags = _t66;
                                                                                                                                						_push( &_v40);
                                                                                                                                						_push(_a16);
                                                                                                                                						_push(_a12);
                                                                                                                                						_push(_a8);
                                                                                                                                						_push( *(_t87 + 0x18));
                                                                                                                                						if(_t66 == 0) {
                                                                                                                                							_t51 = WriteFile();
                                                                                                                                						} else {
                                                                                                                                							_t51 = ReadFile();
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					__eflags = _t51;
                                                                                                                                					if(_t51 != 0) {
                                                                                                                                						L14:
                                                                                                                                						_a12 = _a12 & 0x00000000;
                                                                                                                                						_t54 = GetOverlappedResult( *(_t87 + 0x18),  &_v40,  &_a12, 1);
                                                                                                                                						__eflags = _t54;
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							_t81 = _a16;
                                                                                                                                							__eflags = _t81;
                                                                                                                                							if(_t81 != 0) {
                                                                                                                                								_t67 = _a20;
                                                                                                                                								__eflags = _t61;
                                                                                                                                								if(_t61 == 0) {
                                                                                                                                									_t67 = _a12;
                                                                                                                                								}
                                                                                                                                								 *_t81 = _t67;
                                                                                                                                							}
                                                                                                                                							__eflags = _t54;
                                                                                                                                						}
                                                                                                                                						_t41 = __eflags != 0;
                                                                                                                                						__eflags = _t41;
                                                                                                                                						_t55 = _t54 & 0xffffff00 | _t41;
                                                                                                                                						goto L21;
                                                                                                                                					} else {
                                                                                                                                						_t56 = GetLastError();
                                                                                                                                						__eflags = _t56 - 0x3e5;
                                                                                                                                						if(_t56 == 0x3e5) {
                                                                                                                                							goto L14;
                                                                                                                                						}
                                                                                                                                						_t55 = 0;
                                                                                                                                						L21:
                                                                                                                                						goto L22;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					SetLastError(6);
                                                                                                                                					_t55 = 0;
                                                                                                                                					L22:
                                                                                                                                					return _t55;
                                                                                                                                				}
                                                                                                                                			}
























                                                                                                                                APIs
                                                                                                                                • SetLastError.KERNEL32(00000006), ref: 709848BD
                                                                                                                                • ReadFile.KERNEL32(?,?,?,?,?), ref: 7098490B
                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,?), ref: 70984913
                                                                                                                                • DeviceIoControl.KERNEL32 ref: 70984979
                                                                                                                                • GetLastError.KERNEL32 ref: 70984986
                                                                                                                                • GetOverlappedResult.KERNEL32(?,?,00000000,00000001), ref: 709849A9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLast$ControlDeviceOverlappedReadResultWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1101802857-0
                                                                                                                                • Opcode ID: f9d417dd664f4e3a89d39dcad47451a157f1127df680c96d141d59d45fa377e5
                                                                                                                                • Instruction ID: 3106905cbc218949a7f899f54ffafa33fc7a8d5845084dd9e8af9d72fb7e97d6
                                                                                                                                • Opcode Fuzzy Hash: f9d417dd664f4e3a89d39dcad47451a157f1127df680c96d141d59d45fa377e5
                                                                                                                                • Instruction Fuzzy Hash: 9741EF7260020AEFDB10CF69CC40BDF7BBEAF85751F148528E84297384E775DA449B62
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ec_bignum_to_scalar.ADB(?,?,?,?,?,00000001,?,?,013FCA3F,?,?), ref: 013FCAFF
                                                                                                                                  • Part of subcall function 013F94A0: ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000143,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94BF
                                                                                                                                  • Part of subcall function 013F94A0: ERR_put_error.ADB(0000000F,00000000,00000085,external/boringssl/src/crypto/fipsmodule/ec/scalar.c,0000001C,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94D7
                                                                                                                                • ERR_clear_error.ADB ref: 013FCB18
                                                                                                                                  • Part of subcall function 014207E0: CRYPTO_get_thread_local.ADB(00000000,?,013FCB1D), ref: 014207E3
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,013FCB1D), ref: 014207F8
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142081E
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420845
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142086C
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420893
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208BA
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208E1
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420908
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420932
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420968
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 0142099E
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 014209D4
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420A0A
                                                                                                                                  • Part of subcall function 014207E0: OPENSSL_free.ADB(?), ref: 01420A40
                                                                                                                                • OPENSSL_realloc.ADB(?,00000000), ref: 013FCB58
                                                                                                                                  • Part of subcall function 01425E20: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,00000001,01424A8E,?,?,?,00000000,?,?,?,015315ED,?,00000000), ref: 01425E3E
                                                                                                                                  • Part of subcall function 01425E20: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,?,00000000), ref: 01425E5C
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013FCB8B
                                                                                                                                • BN_div.ADB(00000000,00000000,?,?,?), ref: 013FCBAD
                                                                                                                                • ec_bignum_to_scalar.ADB(?,?,00000000), ref: 013FCBE1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$R_put_errorec_bignum_to_scalar$L_reallocN_divO_get_thread_localR_clear_errorX_getmallocmemcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2902682148-0
                                                                                                                                • Opcode ID: 6faf1151990fc00a18edd3bed65b5a77d65883b4f0c2882c289e5756a03f386a
                                                                                                                                • Instruction ID: e08c5972792e0f352d094b33888805ff92355c92afea5fb9b37bea2b8adab95e
                                                                                                                                • Opcode Fuzzy Hash: 6faf1151990fc00a18edd3bed65b5a77d65883b4f0c2882c289e5756a03f386a
                                                                                                                                • Instruction Fuzzy Hash: CE31AD7464030D9FEB24DE69D840F6A77E8EF44258F04842DEE5987291E632ED09CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                • Opcode ID: 3f32c358efb22064fed54501ea0a1dca8fa29f3e51eb1f7dd5eb0f26f6e27f39
                                                                                                                                • Instruction ID: 15c1b0a8ee116f27b230d755891c476ff06c4f3435fb14b6188a9955b7d0c974
                                                                                                                                • Opcode Fuzzy Hash: 3f32c358efb22064fed54501ea0a1dca8fa29f3e51eb1f7dd5eb0f26f6e27f39
                                                                                                                                • Instruction Fuzzy Hash: 4F3181B07003199BDB25CE1AC48066777E5BFA8604F14893EED855B391D732EC12CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E70985C91(void* __ecx, void* _a4, signed int* _a8, signed int _a12) {
                                                                                                                                				char _v5;
                                                                                                                                				long _v12;
                                                                                                                                				intOrPtr _v16;
                                                                                                                                				signed int* _t33;
                                                                                                                                				long _t37;
                                                                                                                                				signed int* _t38;
                                                                                                                                				intOrPtr _t39;
                                                                                                                                				long _t44;
                                                                                                                                				void* _t46;
                                                                                                                                				signed int _t48;
                                                                                                                                				signed int _t52;
                                                                                                                                				void* _t61;
                                                                                                                                
                                                                                                                                				_t33 = _a8;
                                                                                                                                				_t46 = __ecx;
                                                                                                                                				if(_t33 != 0) {
                                                                                                                                					 *_t33 =  *_t33 & 0x00000000;
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t46 + 4)) != 0) {
                                                                                                                                					_v5 = GetOverlappedResult( *( *((intOrPtr*)(_t46 + 0x24)) + 0x18), _t46 + 0x10,  &_v12, _a12 & 0x000000ff) != 0;
                                                                                                                                					_t37 = GetLastError();
                                                                                                                                					if(_a12 != 0 && _v5 != 0 && _v12 == 0 &&  *((intOrPtr*)(_t46 + 0x28)) != 0 && (_t37 == 0x3e4 || _t37 == 0x3e5)) {
                                                                                                                                						_v16 = 0;
                                                                                                                                						while(1) {
                                                                                                                                							Sleep(2);
                                                                                                                                							_v5 = GetOverlappedResult( *( *((intOrPtr*)(_t46 + 0x24)) + 0x18), _t46 + 0x10,  &_v12, _a12 & 0x000000ff) != 0;
                                                                                                                                							_t44 = GetLastError();
                                                                                                                                							if(_v5 == 0 || _v12 != 0 || _t44 != 0x3e4 && _t44 != 0x3e5) {
                                                                                                                                								goto L16;
                                                                                                                                							}
                                                                                                                                							_v16 = _v16 + 1;
                                                                                                                                							if(_v16 < 0xa) {
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							goto L16;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					L16:
                                                                                                                                					_t61 = _a4;
                                                                                                                                					if(_t61 != 0) {
                                                                                                                                						_t52 = 5;
                                                                                                                                						memcpy(_t61, _t46 + 0x10, _t52 << 2);
                                                                                                                                					}
                                                                                                                                					_t38 = _a8;
                                                                                                                                					if(_t38 != 0) {
                                                                                                                                						if( *((char*)(_t46 + 0x30)) == 0) {
                                                                                                                                							_t48 = _v12;
                                                                                                                                						} else {
                                                                                                                                							_t48 =  *(_t46 + 0x2c);
                                                                                                                                						}
                                                                                                                                						 *_t38 = _t48;
                                                                                                                                					}
                                                                                                                                					_t39 = _v5;
                                                                                                                                				} else {
                                                                                                                                					SetLastError(6);
                                                                                                                                					_t39 = 0;
                                                                                                                                				}
                                                                                                                                				return _t39;
                                                                                                                                			}
















                                                                                                                                APIs
                                                                                                                                • SetLastError.KERNEL32(00000006), ref: 70985CAE
                                                                                                                                • GetOverlappedResult.KERNEL32(?,?,?,?), ref: 70985CD7
                                                                                                                                • GetLastError.KERNEL32(?), ref: 70985CE5
                                                                                                                                • Sleep.KERNEL32(00000002), ref: 70985D12
                                                                                                                                • GetOverlappedResult.KERNEL32(?,00000000,?,00000000), ref: 70985D2C
                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 70985D34
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$OverlappedResult$Sleep
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3553377265-0
                                                                                                                                • Opcode ID: 8474dd0ad1b1484e30979f23b6ff734dc9a534744c05da87dcf44aa2ae21cb86
                                                                                                                                • Instruction ID: ffdb3d0250464b354c382e66aabb973ffab08afde6d31a405b76a14fa2fb9574
                                                                                                                                • Opcode Fuzzy Hash: 8474dd0ad1b1484e30979f23b6ff734dc9a534744c05da87dcf44aa2ae21cb86
                                                                                                                                • Instruction Fuzzy Hash: AE316FB5914244BBDF068F55C888B9E7BBDAB44310F14459EEC16973E1C374D989CB12
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 78%
                                                                                                                                			E7043399C(void* __ecx, void* _a4, signed int* _a8, char _a12) {
                                                                                                                                				char _v5;
                                                                                                                                				signed int _v12;
                                                                                                                                				signed int _v16;
                                                                                                                                				signed int* _t34;
                                                                                                                                				intOrPtr _t37;
                                                                                                                                				long _t38;
                                                                                                                                				signed int* _t39;
                                                                                                                                				intOrPtr _t40;
                                                                                                                                				intOrPtr _t44;
                                                                                                                                				long _t45;
                                                                                                                                				void* _t47;
                                                                                                                                				signed int _t51;
                                                                                                                                				signed int _t54;
                                                                                                                                				void* _t59;
                                                                                                                                				void* _t60;
                                                                                                                                
                                                                                                                                				_t34 = _a8;
                                                                                                                                				_t59 = __ecx;
                                                                                                                                				if(_t34 != 0) {
                                                                                                                                					 *_t34 =  *_t34 & 0x00000000;
                                                                                                                                				}
                                                                                                                                				if( *((intOrPtr*)(_t59 + 4)) != 0) {
                                                                                                                                					_t37 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t59 + 0x24)) + 0x10)) + 0x48));
                                                                                                                                					_t51 = 0 | _a12 != 0x00000000;
                                                                                                                                					_t47 = _t59 + 0x10;
                                                                                                                                					_push(_t51);
                                                                                                                                					_v16 = _t51;
                                                                                                                                					_push( &_v12);
                                                                                                                                					_push(_t47);
                                                                                                                                					_push(_t37);
                                                                                                                                					L7043C10C();
                                                                                                                                					_v5 = _t37 != 0;
                                                                                                                                					_t38 = GetLastError();
                                                                                                                                					if(_a12 != 0 && _v5 != 0 && _v12 == 0 &&  *((intOrPtr*)(_t59 + 0x28)) != 0 && (_t38 == 0x3e4 || _t38 == 0x3e5)) {
                                                                                                                                						_a12 = 0;
                                                                                                                                						while(1) {
                                                                                                                                							Sleep(2);
                                                                                                                                							_push(_v16);
                                                                                                                                							_t44 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t59 + 0x24)) + 0x10)) + 0x48));
                                                                                                                                							_push( &_v12);
                                                                                                                                							_push(_t47);
                                                                                                                                							_push(_t44);
                                                                                                                                							L7043C10C();
                                                                                                                                							_v5 = _t44 != 0;
                                                                                                                                							_t45 = GetLastError();
                                                                                                                                							if(_v5 == 0 || _v12 != 0 || _t45 != 0x3e4 && _t45 != 0x3e5) {
                                                                                                                                								goto L16;
                                                                                                                                							}
                                                                                                                                							_a12 = _a12 + 1;
                                                                                                                                							if(_a12 < 0xa) {
                                                                                                                                								continue;
                                                                                                                                							}
                                                                                                                                							goto L16;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					L16:
                                                                                                                                					_t60 = _a4;
                                                                                                                                					if(_t60 != 0) {
                                                                                                                                						_t54 = 5;
                                                                                                                                						memcpy(_t60, _t47, _t54 << 2);
                                                                                                                                					}
                                                                                                                                					_t39 = _a8;
                                                                                                                                					if(_t39 != 0) {
                                                                                                                                						 *_t39 = _v12;
                                                                                                                                					}
                                                                                                                                					_t40 = _v5;
                                                                                                                                				} else {
                                                                                                                                					SetLastError(6);
                                                                                                                                					_t40 = 0;
                                                                                                                                				}
                                                                                                                                				return _t40;
                                                                                                                                			}



















                                                                                                                                APIs
                                                                                                                                • SetLastError.KERNEL32(00000006), ref: 704339B9
                                                                                                                                • WinUsb_GetOverlappedResult.WINUSB(?,?,?,00000000), ref: 704339E6
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 704339F7
                                                                                                                                • Sleep.KERNEL32(00000002), ref: 70433A24
                                                                                                                                • WinUsb_GetOverlappedResult.WINUSB(?,?,?,?), ref: 70433A3C
                                                                                                                                • GetLastError.KERNEL32(00000000,?,?,?,?), ref: 70433A47
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$OverlappedResultUsb_$Sleep
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4174387227-0
                                                                                                                                • Opcode ID: 44d92e1ee467a2ae7672a2c6de7abf255a960b79475485e3d1a722df99245a31
                                                                                                                                • Instruction ID: 368a618d5081c54f5846004cd6c42d413e8f278ccdf0282c0a42f62acc351bb0
                                                                                                                                • Opcode Fuzzy Hash: 44d92e1ee467a2ae7672a2c6de7abf255a960b79475485e3d1a722df99245a31
                                                                                                                                • Instruction Fuzzy Hash: 75318171900249AFEB019F58C884B9DFBB8BF0D316F40516DE852A7391D778DE45CB51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                • Opcode ID: ec1d3984cd7265d497fdba4470ab1be70e2ae5c4edc18ee91361be3161ef648f
                                                                                                                                • Instruction ID: 9b58849f5f200efdae128a4c33d55fa28bf1004de5163b7f0410c14da773b51a
                                                                                                                                • Opcode Fuzzy Hash: ec1d3984cd7265d497fdba4470ab1be70e2ae5c4edc18ee91361be3161ef648f
                                                                                                                                • Instruction Fuzzy Hash: 0B218FB1A0032187DB22DE1AD480B67B7A4BF10628F44883FDD595B3E2CB71EC5687C1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014,?,-00000020,?,?,01531776,00000000,?,-00000020), ref: 01424B07
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_malloc.ADB(00000010,00000000), ref: 01424B3D
                                                                                                                                • OPENSSL_realloc.ADB(?,?,?,00000000), ref: 01424B7B
                                                                                                                                  • Part of subcall function 01425E20: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,00000001,01424A8E,?,?,?,00000000,?,?,?,015315ED,?,00000000), ref: 01425E3E
                                                                                                                                  • Part of subcall function 01425E20: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,?,00000000), ref: 01425E5C
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,?,?,?,00000000), ref: 01424B9C
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,00000000), ref: 01424BBD
                                                                                                                                • OPENSSL_free.ADB(00000000,00000000,?,-00000020), ref: 01424BC6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocmallocmemcpy$L_realloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1698745529-0
                                                                                                                                • Opcode ID: fd7d9f90a9cbf8b475d4289d3b70ac46ab5bb924a10d1a65d735ad273c0d7d35
                                                                                                                                • Instruction ID: c8999e62775ad8c5274aaa2c681701581193aea7355a6d5ad32012e9885bb999
                                                                                                                                • Opcode Fuzzy Hash: fd7d9f90a9cbf8b475d4289d3b70ac46ab5bb924a10d1a65d735ad273c0d7d35
                                                                                                                                • Instruction Fuzzy Hash: AC216AB55007218FEB208F19D894B13BBE4EF54314F88C92ED95A8F361E775E849CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E70987506(intOrPtr __ecx) {
                                                                                                                                				intOrPtr _v8;
                                                                                                                                				long _t3;
                                                                                                                                				long _t5;
                                                                                                                                				long _t15;
                                                                                                                                				void* _t17;
                                                                                                                                
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t3 =  *0x7099722c; // 0x3
                                                                                                                                				_t15 = 2;
                                                                                                                                				_v8 = __ecx;
                                                                                                                                				if(_t3 != _t15) {
                                                                                                                                					__eflags = _t3;
                                                                                                                                					if(_t3 != 0) {
                                                                                                                                						while(1) {
                                                                                                                                							L10:
                                                                                                                                							__eflags =  *0x7099722c - 1;
                                                                                                                                							if( *0x7099722c != 1) {
                                                                                                                                								break;
                                                                                                                                							}
                                                                                                                                							Sleep(1);
                                                                                                                                						}
                                                                                                                                						__eflags =  *0x7099722c - _t15; // 0x3
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							L13:
                                                                                                                                							L14:
                                                                                                                                							return _v8;
                                                                                                                                						}
                                                                                                                                						L12:
                                                                                                                                						EnterCriticalSection(0x70997214);
                                                                                                                                						goto L13;
                                                                                                                                					}
                                                                                                                                					_t5 = InterlockedExchange(0x7099722c, 1);
                                                                                                                                					__eflags = _t5;
                                                                                                                                					if(_t5 != 0) {
                                                                                                                                						__eflags = _t5 - _t15;
                                                                                                                                						if(_t5 == _t15) {
                                                                                                                                							 *0x7099722c = _t15;
                                                                                                                                						}
                                                                                                                                						goto L10;
                                                                                                                                					}
                                                                                                                                					__eflags = InitializeCriticalSectionAndSpinCount(0x70997214, 0xfa0);
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						E709875BE(_t17);
                                                                                                                                					}
                                                                                                                                					E70989061(__eflags, E709874E3);
                                                                                                                                					 *0x7099722c = _t15;
                                                                                                                                					goto L12;
                                                                                                                                				}
                                                                                                                                				EnterCriticalSection(0x70997214);
                                                                                                                                				goto L14;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • EnterCriticalSection.KERNEL32(70997214,?,?,?,7098617F,70997134,?,00000000), ref: 70987521
                                                                                                                                • InterlockedExchange.KERNEL32(7099722C,00000001), ref: 7098753A
                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(70997214,00000FA0,?,7098617F,70997134,?,00000000), ref: 7098754A
                                                                                                                                • std::_Nomemory.LIBCMT ref: 70987554
                                                                                                                                • EnterCriticalSection.KERNEL32(70997214,?,7098617F,70997134,?,00000000), ref: 70987592
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$Enter$CountExchangeInitializeInterlockedNomemorySpinstd::_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 131756441-0
                                                                                                                                • Opcode ID: 015b78473ae41a9f116d3f16b7fffcad3d1a65d893c494b334d30dcde90a28b1
                                                                                                                                • Instruction ID: 587eba1ea49c28b97766747324f98ee1df0a656bf5d16a5c491d8b39f3f28ea8
                                                                                                                                • Opcode Fuzzy Hash: 015b78473ae41a9f116d3f16b7fffcad3d1a65d893c494b334d30dcde90a28b1
                                                                                                                                • Instruction Fuzzy Hash: 55014C72278201EBC716DB67AC45B4EF7BDA788654B300026F55AE93D0EB60D9C0AA17
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 24%
                                                                                                                                			E709873DF(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				char _v32;
                                                                                                                                				intOrPtr _v68;
                                                                                                                                				char _v76;
                                                                                                                                				intOrPtr _v92;
                                                                                                                                				char _v120;
                                                                                                                                				void* __ebp;
                                                                                                                                				char* _t30;
                                                                                                                                				intOrPtr _t32;
                                                                                                                                				char* _t35;
                                                                                                                                				void* _t39;
                                                                                                                                				void* _t41;
                                                                                                                                
                                                                                                                                				_push(__ecx);
                                                                                                                                				E70987229(__ebx,  &_v32, __edi, __esi, __eflags);
                                                                                                                                				E70988C6D( &_v32, 0x709937a8);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				E709872C6( &_v76,  &_v32);
                                                                                                                                				E70988C6D( &_v76, 0x7099376c);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				_push(_t41);
                                                                                                                                				_t39 = _t41 - 0x1c;
                                                                                                                                				_t30 =  &_v120;
                                                                                                                                				E709872E8(_t30,  &_v76);
                                                                                                                                				E70988C6D( &_v120, 0x709936bc);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				_push(_t39);
                                                                                                                                				_push(__esi);
                                                                                                                                				_push(__edi);
                                                                                                                                				_t32 = _v92;
                                                                                                                                				_t35 = _t30;
                                                                                                                                				if(E7098734B(_t30, _t32, 1) != 0) {
                                                                                                                                					E70988100(__ebx, _t32, _t35,  *((intOrPtr*)(_t35 + 4)), _v68, _t32);
                                                                                                                                					 *((intOrPtr*)(_t35 + 8)) = _t32;
                                                                                                                                					 *((char*)(_t32 +  *((intOrPtr*)(_t35 + 4)))) = 0;
                                                                                                                                				}
                                                                                                                                				return _t35;
                                                                                                                                			}















                                                                                                                                APIs
                                                                                                                                • std::runtime_error::runtime_error.LIBCPMT ref: 709873EB
                                                                                                                                  • Part of subcall function 70987229: __EH_prolog3.LIBCMT ref: 70987230
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 709873F9
                                                                                                                                  • Part of subcall function 70988C6D: RaiseException.KERNEL32(?,?,70986E02,?,?,?,?,?,70986E02,?,709935E4,70997204), ref: 70988CAF
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 70987410
                                                                                                                                  • Part of subcall function 709872C6: std::runtime_error::runtime_error.LIBCPMT ref: 709872D1
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 7098741E
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 70987435
                                                                                                                                  • Part of subcall function 709872E8: std::runtime_error::runtime_error.LIBCPMT ref: 709872F3
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 70987443
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Exception@8Throwstd::runtime_error::runtime_error$std::bad_exception::bad_exception$ExceptionH_prolog3Raise
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1649494085-0
                                                                                                                                • Opcode ID: 59dffac882f55e951eadf59fcd46ecde0624e66887b59522b8a8d71b613e4efe
                                                                                                                                • Instruction ID: 81a104c214b09f0e966ce82135ebdb0fa32314eea5a81a26babfeae3133dd01a
                                                                                                                                • Opcode Fuzzy Hash: 59dffac882f55e951eadf59fcd46ecde0624e66887b59522b8a8d71b613e4efe
                                                                                                                                • Instruction Fuzzy Hash: 1AF082A5C1420D3BC708FBE48C4AE9FF77C58E0204BA0452576B0A368BAA64F50A85B7
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 70%
                                                                                                                                			E7098B0F5(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                				signed int _v4;
                                                                                                                                				signed int _v8;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				char _v28;
                                                                                                                                				intOrPtr _v36;
                                                                                                                                				intOrPtr _v40;
                                                                                                                                				intOrPtr _v44;
                                                                                                                                				intOrPtr _v48;
                                                                                                                                				intOrPtr _v52;
                                                                                                                                				intOrPtr _v56;
                                                                                                                                				signed int _v60;
                                                                                                                                				char _v68;
                                                                                                                                				intOrPtr _t45;
                                                                                                                                				intOrPtr _t48;
                                                                                                                                				intOrPtr* _t59;
                                                                                                                                				intOrPtr* _t75;
                                                                                                                                				intOrPtr _t80;
                                                                                                                                				void* _t86;
                                                                                                                                
                                                                                                                                				_t86 = __eflags;
                                                                                                                                				_t79 = __esi;
                                                                                                                                				_t77 = __edi;
                                                                                                                                				_t68 = __ebx;
                                                                                                                                				_push(8);
                                                                                                                                				E70988000(E70992FB7, __ebx, __edi, __esi);
                                                                                                                                				_t45 = E70989F98(__ebx, _t86);
                                                                                                                                				_t87 =  *((intOrPtr*)(_t45 + 0x94));
                                                                                                                                				_v20 = _t45;
                                                                                                                                				if( *((intOrPtr*)(_t45 + 0x94)) != 0) {
                                                                                                                                					E7098AD09(__ebx, __edi, __esi, _t87);
                                                                                                                                				}
                                                                                                                                				_v4 = _v4 & 0x00000000;
                                                                                                                                				E7098ACF1(_t77, _t79, _t87);
                                                                                                                                				_v4 = _v4 | 0xffffffff;
                                                                                                                                				E7098ACB3(_t87);
                                                                                                                                				_t48 = _v20;
                                                                                                                                				_t88 = _t48;
                                                                                                                                				if(_t48 == 0) {
                                                                                                                                					_t48 = E70989F98(_t68, _t88);
                                                                                                                                				}
                                                                                                                                				 *((intOrPtr*)(_t48 + 0x94)) = _a4;
                                                                                                                                				E70988C6D(0, 0);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				E7098ADBB( &_v28, _a4);
                                                                                                                                				E70988C6D( &_v28, 0x70993a7c);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				_push(0x30);
                                                                                                                                				_push(0x70993ab8);
                                                                                                                                				E70988D28(_t68, _t77, _t79);
                                                                                                                                				_t69 = _a8;
                                                                                                                                				_t78 = _a4;
                                                                                                                                				_v40 = _a20;
                                                                                                                                				_v60 = _v60 & 0x00000000;
                                                                                                                                				_v44 =  *((intOrPtr*)(_a8 - 4));
                                                                                                                                				_t20 = _t78 + 0x18; // 0x75ff57f4
                                                                                                                                				_v48 = E70987EB6( &_v68,  *_t20);
                                                                                                                                				_t80 = E70989F98(_a8, _t88);
                                                                                                                                				_v36 = _t80;
                                                                                                                                				_t24 = _t80 + 0x88; // 0x88
                                                                                                                                				_t59 = _t24;
                                                                                                                                				_v52 =  *_t59;
                                                                                                                                				_t26 = _t80 + 0x8c; // 0x8c
                                                                                                                                				_t75 = _t26;
                                                                                                                                				_v56 =  *_t75;
                                                                                                                                				 *_t59 = _a4;
                                                                                                                                				 *_t75 = _a12;
                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                				_a12 = 1;
                                                                                                                                				_v8 = 1;
                                                                                                                                				_v40 = E70987F4E(_a8, _a16, _a20, _a24, _a28);
                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                				_v8 = 0xfffffffe;
                                                                                                                                				_a12 = 0;
                                                                                                                                				E7098B2A7(_t69, _t78, _t80);
                                                                                                                                				return E70988D6D(_v40);
                                                                                                                                			}






















                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 7098B0FC
                                                                                                                                • __getptd.LIBCMT ref: 7098B101
                                                                                                                                  • Part of subcall function 70989F98: __amsg_exit.LIBCMT ref: 70989FA8
                                                                                                                                • __getptd.LIBCMT ref: 7098B130
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 7098B142
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 7098B159
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 7098B167
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Exception@8Throw__getptd$H_prolog3_catch__amsg_exitstd::bad_exception::bad_exception
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 813787553-0
                                                                                                                                • Opcode ID: 1c8d4ac542de0c606d9dd821f9d520f717561d4e3d65a165773b72602bcb7458
                                                                                                                                • Instruction ID: 22ec31f9b00ce5a743aec65e31afe4eeb6d00bddceb5ebd4b631671d582b4fa3
                                                                                                                                • Opcode Fuzzy Hash: 1c8d4ac542de0c606d9dd821f9d520f717561d4e3d65a165773b72602bcb7458
                                                                                                                                • Instruction Fuzzy Hash: 7AF09071905208AFE714EBB0C91BBDE7B786F00308F244168F665AA7C1DA75BA04C763
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 70%
                                                                                                                                			E704371E2(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                				signed int _v4;
                                                                                                                                				signed int _v8;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				char _v28;
                                                                                                                                				intOrPtr _v36;
                                                                                                                                				intOrPtr _v40;
                                                                                                                                				intOrPtr _v44;
                                                                                                                                				intOrPtr _v48;
                                                                                                                                				intOrPtr _v52;
                                                                                                                                				intOrPtr _v56;
                                                                                                                                				signed int _v60;
                                                                                                                                				char _v68;
                                                                                                                                				intOrPtr _t45;
                                                                                                                                				intOrPtr _t48;
                                                                                                                                				intOrPtr* _t59;
                                                                                                                                				intOrPtr* _t75;
                                                                                                                                				intOrPtr _t80;
                                                                                                                                				void* _t86;
                                                                                                                                
                                                                                                                                				_t86 = __eflags;
                                                                                                                                				_t79 = __esi;
                                                                                                                                				_t77 = __edi;
                                                                                                                                				_t68 = __ebx;
                                                                                                                                				_push(8);
                                                                                                                                				E7043480C(E7043C30C, __ebx, __edi, __esi);
                                                                                                                                				_t45 = E7043612E(__ebx, _t86);
                                                                                                                                				_t87 =  *((intOrPtr*)(_t45 + 0x94));
                                                                                                                                				_v20 = _t45;
                                                                                                                                				if( *((intOrPtr*)(_t45 + 0x94)) != 0) {
                                                                                                                                					E70437C28(__ebx, __edi, __esi, _t87);
                                                                                                                                				}
                                                                                                                                				_v4 = _v4 & 0x00000000;
                                                                                                                                				E70437C10(_t77, _t79, _t87);
                                                                                                                                				_v4 = _v4 | 0xffffffff;
                                                                                                                                				E70437BD2(_t87);
                                                                                                                                				_t48 = _v20;
                                                                                                                                				_t88 = _t48;
                                                                                                                                				if(_t48 == 0) {
                                                                                                                                					_t48 = E7043612E(_t68, _t88);
                                                                                                                                				}
                                                                                                                                				 *((intOrPtr*)(_t48 + 0x94)) = _a4;
                                                                                                                                				E704348B2(0, 0);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				E70436EA8( &_v28, _a4);
                                                                                                                                				E704348B2( &_v28, 0x7043c84c);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				_push(0x30);
                                                                                                                                				_push(0x7043c888);
                                                                                                                                				E70434970(_t68, _t77, _t79);
                                                                                                                                				_t69 = _a8;
                                                                                                                                				_t78 = _a4;
                                                                                                                                				_v40 = _a20;
                                                                                                                                				_v60 = _v60 & 0x00000000;
                                                                                                                                				_v44 =  *((intOrPtr*)(_a8 - 4));
                                                                                                                                				_t20 = _t78 + 0x18; // 0x75ff57f4
                                                                                                                                				_v48 = E704346C2( &_v68,  *_t20);
                                                                                                                                				_t80 = E7043612E(_a8, _t88);
                                                                                                                                				_v36 = _t80;
                                                                                                                                				_t24 = _t80 + 0x88; // 0x88
                                                                                                                                				_t59 = _t24;
                                                                                                                                				_v52 =  *_t59;
                                                                                                                                				_t26 = _t80 + 0x8c; // 0x8c
                                                                                                                                				_t75 = _t26;
                                                                                                                                				_v56 =  *_t75;
                                                                                                                                				 *_t59 = _a4;
                                                                                                                                				 *_t75 = _a12;
                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                				_a12 = 1;
                                                                                                                                				_v8 = 1;
                                                                                                                                				_v40 = E7043475A(_a8, _a16, _a20, _a24, _a28);
                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                				_v8 = 0xfffffffe;
                                                                                                                                				_a12 = 0;
                                                                                                                                				E70437394(_t69, _t78, _t80);
                                                                                                                                				return E704349B5(_v40);
                                                                                                                                			}






















                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 704371E9
                                                                                                                                • __getptd.LIBCMT ref: 704371EE
                                                                                                                                  • Part of subcall function 7043612E: __amsg_exit.LIBCMT ref: 7043613E
                                                                                                                                • __getptd.LIBCMT ref: 7043721D
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 7043722F
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 70437246
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 70437254
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Exception@8Throw__getptd$H_prolog3_catch__amsg_exitstd::bad_exception::bad_exception
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 813787553-0
                                                                                                                                • Opcode ID: 9c7b632ad278d2a0d8501b8a7882b1d7ca2da6401d37abb87da75966221b3494
                                                                                                                                • Instruction ID: bfcffc561889c845a82ef8a998179a4913bc9f732443c032f7850a784283d74d
                                                                                                                                • Opcode Fuzzy Hash: 9c7b632ad278d2a0d8501b8a7882b1d7ca2da6401d37abb87da75966221b3494
                                                                                                                                • Instruction Fuzzy Hash: 15F06235900209AFDB24EBB0C90AB9EF7B46F09308FA0A56CF26577185CB7CB6048761
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ec_bignum_to_scalar.ADB(?,?,?), ref: 013F907A
                                                                                                                                • ERR_put_error.ADB(0000001A,00000000,00000065,external/boringssl/src/crypto/fipsmodule/ecdsa/ecdsa.c,0000009F), ref: 013F9353
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ecdsa/ecdsa.c, xrefs: 013F933A, 013F9348
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errorec_bignum_to_scalar
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ecdsa/ecdsa.c
                                                                                                                                • API String ID: 1124911010-239717092
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000030), ref: 013E5849
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • BN_MONT_CTX_free.ADB(00000000), ref: 013E59DD
                                                                                                                                  • Part of subcall function 013EB8D0: ERR_put_error.ADB(00000003,00000000,00000069,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000000A5), ref: 013EB983
                                                                                                                                  • Part of subcall function 013EBB40: BN_num_bits.ADB(?,-00000014,00000000,00000000,?,?,013E58DF,00000000,?,-00000014,?), ref: 013EBB5B
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E599C
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013E59CB
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E5991
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_mallocN_num_bitsX_freemallocmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 309076968-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,00000000), ref: 013FC273
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000042,external/boringssl/src/crypto/fipsmodule/ec/ec.c,0000030B), ref: 013FC29D
                                                                                                                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 013FC34D
                                                                                                                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,00000000,00000000), ref: 013FC394
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memmove$P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 3282753913-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000007D,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,000001E5), ref: 0140AE89
                                                                                                                                • OPENSSL_malloc.ADB(30203012), ref: 0140AE99
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,0166331E,30203012), ref: 0140AEB3
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 0140AECD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$L_mallocR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 2077891473-3754478375
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F72C5
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F730F
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000000,?), ref: 013F735C
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000064,external/boringssl/src/crypto/fipsmodule/digest/digest.c,00000081), ref: 013F7391
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 013F72F7, 013F7386
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocR_put_errormallocmemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 501939498-820803757
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 55%
                                                                                                                                			E70436A43(void* __ecx) {
                                                                                                                                				struct HINSTANCE__* _v8;
                                                                                                                                				CHAR* _v12;
                                                                                                                                				struct HINSTANCE__* _v16;
                                                                                                                                				char _v20;
                                                                                                                                				char _v24;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				intOrPtr* _t31;
                                                                                                                                				signed int _t35;
                                                                                                                                				signed int _t37;
                                                                                                                                				signed int _t40;
                                                                                                                                				signed int _t52;
                                                                                                                                				signed int _t53;
                                                                                                                                				void* _t54;
                                                                                                                                				void* _t57;
                                                                                                                                				signed int _t58;
                                                                                                                                				intOrPtr _t68;
                                                                                                                                
                                                                                                                                				_t51 = __ecx;
                                                                                                                                				_v8 = 0;
                                                                                                                                				_v16 = 0;
                                                                                                                                				_t68 =  *0x7043fa8c; // 0x1
                                                                                                                                				if(_t68 == 0) {
                                                                                                                                					E7043A297(__ecx);
                                                                                                                                				}
                                                                                                                                				 *0x7043f024 = 0;
                                                                                                                                				GetModuleFileNameA(0, 0x7043ef20, 0x104);
                                                                                                                                				_t31 =  *0x7043fa9c; // 0x783470
                                                                                                                                				 *0x7043eef8 = 0x7043ef20;
                                                                                                                                				if(_t31 == 0) {
                                                                                                                                					L4:
                                                                                                                                					_v12 = 0x7043ef20;
                                                                                                                                					goto L5;
                                                                                                                                				} else {
                                                                                                                                					_v12 = _t31;
                                                                                                                                					if( *_t31 != 0) {
                                                                                                                                						L5:
                                                                                                                                						E7043685C(_t51,  &_v16, _v12, 0, 0,  &_v8);
                                                                                                                                						_t61 = _v8;
                                                                                                                                						_push( &_v24);
                                                                                                                                						_t52 = 4;
                                                                                                                                						_t35 = _v8;
                                                                                                                                						_push(_t35 * _t52 >> 0x20);
                                                                                                                                						_push(_t35 * _t52);
                                                                                                                                						_t37 = E7043682C();
                                                                                                                                						if(_t37 < 0) {
                                                                                                                                							L10:
                                                                                                                                							return _t37 | 0xffffffff;
                                                                                                                                						}
                                                                                                                                						_push( &_v20);
                                                                                                                                						_t40 = _v16;
                                                                                                                                						_t53 = 4;
                                                                                                                                						_push(_t40 * _t53 >> 0x20);
                                                                                                                                						_push(_t40 * _t53);
                                                                                                                                						_t37 = E7043682C();
                                                                                                                                						if(_t37 < 0) {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                						_t37 = E7043561E(_v24, _v20,  &_v24);
                                                                                                                                						if(_t37 < 0) {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                						_t37 = E70435133(0, _t57, _v24);
                                                                                                                                						_t58 = _t37;
                                                                                                                                						_pop(_t54);
                                                                                                                                						if(_t58 == 0) {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                						E7043685C(_t54,  &_v16, _v12, _t58, _t58 + _t61 * 4,  &_v8);
                                                                                                                                						 *0x7043eedc = _v8 - 1;
                                                                                                                                						 *0x7043eee0 = _t58;
                                                                                                                                						return 0;
                                                                                                                                					}
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                			}






















                                                                                                                                APIs
                                                                                                                                • ___initmbctable.LIBCMT ref: 70436A5E
                                                                                                                                  • Part of subcall function 7043A297: __setmbcp.LIBCMT ref: 7043A2A2
                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe,00000104), ref: 70436A75
                                                                                                                                • _malloc.LIBCMT ref: 70436AF4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileModuleName___initmbctable__setmbcp_malloc
                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe$p4x
                                                                                                                                • API String ID: 2586856902-359435981
                                                                                                                                • Opcode ID: 7b52eb97cdf4f336189b6c7c68edc02f540200ea16129652745af61b99ec8e69
                                                                                                                                • Instruction ID: 4b094c21eaabd76a9c7c57b6a108b28797bd4277210ea2f612febecdb9494e57
                                                                                                                                • Opcode Fuzzy Hash: 7b52eb97cdf4f336189b6c7c68edc02f540200ea16129652745af61b99ec8e69
                                                                                                                                • Instruction Fuzzy Hash: 533161B2D0015ABEDB00DB95CD41AAEFBBCEB08318F615069E505F6250E675AE04CB64
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E08F1
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E09C4
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E09B9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 2531206346-2228489102
                                                                                                                                • Opcode ID: 1c6a6647fd0910bd863bf5b6458f471576bcec279aee6f8e760d7b5d62ae6dc7
                                                                                                                                • Instruction ID: 042550fd7276d85a929ce1b93343eaf82b6b87407b0be440e36b5020c2ca64b9
                                                                                                                                • Opcode Fuzzy Hash: 1c6a6647fd0910bd863bf5b6458f471576bcec279aee6f8e760d7b5d62ae6dc7
                                                                                                                                • Instruction Fuzzy Hash: AE2106B17403258FF7259F19D848B17B7E4AFA071CF05402DF5966B2A1D3B1D44587D1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E98E0
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006D,external/boringssl/src/crypto/fipsmodule/bn/mul.c,00000284), ref: 013E9914
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/mul.c, xrefs: 013E9909
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errorX_get
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/mul.c
                                                                                                                                • API String ID: 1566580886-1069320938
                                                                                                                                • Opcode ID: af9192fdfaad0756fa8a55ae9e2388ae96e123d0263295f8f261855c1bac7e50
                                                                                                                                • Instruction ID: 10112a0337ab6ef2f7265d87fccdebbf6f41239c03bb807dab0dafd30aa4cc91
                                                                                                                                • Opcode Fuzzy Hash: af9192fdfaad0756fa8a55ae9e2388ae96e123d0263295f8f261855c1bac7e50
                                                                                                                                • Instruction Fuzzy Hash: 8121F671A003226BEB209A1A8C0CF2B7FE9AF9565CF09442CF98D532D1E774E904C762
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000258), ref: 013F26BC
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,00000258), ref: 013F26CE
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,0000007C,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,0000003E), ref: 013F271F
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013F272E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/aead.c, xrefs: 013F2709, 013F2714
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocR_put_errormallocmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/aead.c
                                                                                                                                • API String ID: 1221117171-2050848870
                                                                                                                                • Opcode ID: 3767215017b264fc8714e1113f1700bcc7140de31d1c09029039f3e216138cbb
                                                                                                                                • Instruction ID: 632e5db9e116403e271182eee9a82fc649677e683dea895af0b86aebf993df76
                                                                                                                                • Opcode Fuzzy Hash: 3767215017b264fc8714e1113f1700bcc7140de31d1c09029039f3e216138cbb
                                                                                                                                • Instruction Fuzzy Hash: 321148F0740312B7F61056198C46F3BB29C9FA0649F04422DFB01A61C2E3B4EC4882B6
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?,?,?,?,?,013DFCF4,?,?), ref: 013DF51E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,?), ref: 013DF53B
                                                                                                                                • OPENSSL_free.ADB(?,?), ref: 013DF546
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocR_put_errormemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 591724698-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC592
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC5A8
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?,?,?,?,013F7B19,?,?), ref: 013F8328
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?), ref: 013F833C
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC5BF
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,0000033E), ref: 013FC5DB
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC5D0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmp$N_cmp$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 4157703716-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?,?,00000000,?,00000000,01400C63,?,?,?,?,?), ref: 01400DA5
                                                                                                                                • BN_ucmp.ADB(?,?,?,?,?,?,00000000,?,00000000,01400C63,?,?,?,?,?), ref: 01400DD4
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006B,external/boringssl/src/crypto/fipsmodule/ec/oct.c,000000F1,?,?,?,?,00000000,?,00000000,01400C63,?,?,?), ref: 01400DF0
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/oct.c, xrefs: 01400DE5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: N_ucmpP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/oct.c
                                                                                                                                • API String ID: 2336030324-1227443160
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ASN1_item_i2d.ADB(?,?,?,?,?,?,?), ref: 01531547
                                                                                                                                • ASN1_item_d2i.ADB(00000000,?,00000000,?), ref: 01531563
                                                                                                                                • OPENSSL_free.ADB ref: 01531570
                                                                                                                                • ERR_put_error.ADB(0000000C,00000000,00000041,external/boringssl/src/crypto/asn1/a_dup.c,00000050), ref: 01531587
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/asn1/a_dup.c, xrefs: 0153157C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeN1_item_d2iN1_item_i2dR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/asn1/a_dup.c
                                                                                                                                • API String ID: 2100792418-342876411
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_new_method.ADB(00000000), ref: 013FCF33
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_malloc.ADB(00000024,?,?,013FCE37,00000000), ref: 013FCE44
                                                                                                                                  • Part of subcall function 013FCE40: ENGINE_get_ECDSA_method.ADB(?,?,?,?,?,?,?,?,00000000), ref: 013FCE9F
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_new_ex_data.ADB(-00000020,?,?,?,?,?,?,?,00000000), ref: 013FCEC9
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_free_ex_data.ADB(017287C4,00000000,-00000020), ref: 013FCEF0
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_free.ADB(00000000), ref: 013FCF09
                                                                                                                                • EC_GROUP_new_by_curve_name.ADB(?), ref: 013FCF45
                                                                                                                                  • Part of subcall function 013FAC50: CRYPTO_once.ADB(01742A2C,013FA4A0), ref: 013FAC65
                                                                                                                                • EC_KEY_free.ADB(00000000), ref: 013FCF54
                                                                                                                                  • Part of subcall function 013FCF80: CRYPTO_refcount_dec_and_test_zero.ADB(00000000,00000000,?,013FCF59,00000000), ref: 013FCF92
                                                                                                                                  • Part of subcall function 013FCF80: EC_GROUP_free.ADB(?,00000000), ref: 013FCFC0
                                                                                                                                  • Part of subcall function 013FCF80: EC_GROUP_free.ADB(?,?,00000000), ref: 013FCFD1
                                                                                                                                  • Part of subcall function 013FCF80: OPENSSL_free.ADB(?,?,?,00000000), ref: 013FCFDA
                                                                                                                                  • Part of subcall function 013FCF80: OPENSSL_free.ADB(?,?,00000000), ref: 013FCFE5
                                                                                                                                  • Part of subcall function 013FCF80: OPENSSL_free.ADB(00000000,?,?,00000000), ref: 013FCFFD
                                                                                                                                  • Part of subcall function 013FCF80: CRYPTO_free_ex_data.ADB(017287C4,?,?,?,?,00000000), ref: 013FD02A
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000041,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,00000090), ref: 013FCF6E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec_key.c, xrefs: 013FCF63
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$O_free_ex_dataP_free$A_methodE_get_L_mallocO_new_ex_dataO_onceO_refcount_dec_and_test_zeroP_new_by_curve_nameR_put_errorY_freeY_new_method
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 1244602853-3769350328
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E70439F3C(void* __ecx, void* __edx, void* __eflags, int _a4, signed int _a8) {
                                                                                                                                				signed int _v8;
                                                                                                                                				char _v21;
                                                                                                                                				char _v22;
                                                                                                                                				struct _cpinfo _v28;
                                                                                                                                				signed int _v32;
                                                                                                                                				signed int _v36;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t53;
                                                                                                                                				void* _t56;
                                                                                                                                				signed char _t59;
                                                                                                                                				signed int _t61;
                                                                                                                                				short* _t62;
                                                                                                                                				signed int _t67;
                                                                                                                                				signed int _t71;
                                                                                                                                				signed char* _t79;
                                                                                                                                				signed int _t82;
                                                                                                                                				signed int _t83;
                                                                                                                                				signed int _t86;
                                                                                                                                				intOrPtr* _t87;
                                                                                                                                				signed int _t93;
                                                                                                                                				signed char _t94;
                                                                                                                                				signed int _t95;
                                                                                                                                				signed int _t97;
                                                                                                                                				int _t99;
                                                                                                                                				signed int _t100;
                                                                                                                                				signed int _t103;
                                                                                                                                				intOrPtr* _t107;
                                                                                                                                				signed int _t109;
                                                                                                                                
                                                                                                                                				_t53 =  *0x7043e060; // 0x4d88bf16
                                                                                                                                				_v8 = _t53 ^ _t109;
                                                                                                                                				_t83 = _a8;
                                                                                                                                				_t99 = E70439EBB(_a4);
                                                                                                                                				_t102 = 0;
                                                                                                                                				_a4 = _t99;
                                                                                                                                				_t114 = _t99;
                                                                                                                                				if(_t99 != 0) {
                                                                                                                                					_v32 = 0;
                                                                                                                                					_t56 = 0;
                                                                                                                                					__eflags = 0;
                                                                                                                                					while(1) {
                                                                                                                                						__eflags =  *((intOrPtr*)(_t56 + 0x7043e9f0)) - _t99;
                                                                                                                                						if( *((intOrPtr*)(_t56 + 0x7043e9f0)) == _t99) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						_v32 = _v32 + 1;
                                                                                                                                						_t56 = _t56 + 0x30;
                                                                                                                                						__eflags = _t56 - 0xf0;
                                                                                                                                						if(_t56 < 0xf0) {
                                                                                                                                							continue;
                                                                                                                                						} else {
                                                                                                                                							_t71 = GetCPInfo(_t99,  &_v28);
                                                                                                                                							__eflags = _t71;
                                                                                                                                							if(_t71 == 0) {
                                                                                                                                								__eflags =  *0x7043f808 - _t102; // 0x0
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									goto L1;
                                                                                                                                								} else {
                                                                                                                                									_t65 = _t71 | 0xffffffff;
                                                                                                                                									__eflags = _t71 | 0xffffffff;
                                                                                                                                								}
                                                                                                                                							} else {
                                                                                                                                								E70435060(_t99, _t83 + 0x1c, _t102, 0x101);
                                                                                                                                								_t97 = 1;
                                                                                                                                								 *(_t83 + 4) = _t99;
                                                                                                                                								 *(_t83 + 0xc) = _t102;
                                                                                                                                								__eflags = _v28 - 1;
                                                                                                                                								if(_v28 <= 1) {
                                                                                                                                									 *(_t83 + 8) = _t102;
                                                                                                                                								} else {
                                                                                                                                									__eflags = _v22;
                                                                                                                                									if(_v22 != 0) {
                                                                                                                                										_t107 =  &_v21;
                                                                                                                                										while(1) {
                                                                                                                                											_t94 =  *_t107;
                                                                                                                                											__eflags = _t94;
                                                                                                                                											if(_t94 == 0) {
                                                                                                                                												goto L26;
                                                                                                                                											}
                                                                                                                                											_t82 =  *(_t107 - 1) & 0x000000ff;
                                                                                                                                											_t95 = _t94 & 0x000000ff;
                                                                                                                                											while(1) {
                                                                                                                                												__eflags = _t82 - _t95;
                                                                                                                                												if(_t82 > _t95) {
                                                                                                                                													break;
                                                                                                                                												}
                                                                                                                                												 *(_t83 + _t82 + 0x1d) =  *(_t83 + _t82 + 0x1d) | 0x00000004;
                                                                                                                                												_t82 = _t82 + 1;
                                                                                                                                												__eflags = _t82;
                                                                                                                                											}
                                                                                                                                											_t107 = _t107 + 2;
                                                                                                                                											__eflags =  *(_t107 - 1);
                                                                                                                                											if( *(_t107 - 1) != 0) {
                                                                                                                                												continue;
                                                                                                                                											}
                                                                                                                                											goto L26;
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									L26:
                                                                                                                                									_t79 = _t83 + 0x1e;
                                                                                                                                									_t93 = 0xfe;
                                                                                                                                									do {
                                                                                                                                										 *_t79 =  *_t79 | 0x00000008;
                                                                                                                                										_t79 =  &(_t79[1]);
                                                                                                                                										_t93 = _t93 - 1;
                                                                                                                                										__eflags = _t93;
                                                                                                                                									} while (_t93 != 0);
                                                                                                                                									 *(_t83 + 0xc) = E70439B30( *(_t83 + 4));
                                                                                                                                									 *(_t83 + 8) = _t97;
                                                                                                                                								}
                                                                                                                                								_t99 = _t83 + 0x10;
                                                                                                                                								asm("stosd");
                                                                                                                                								asm("stosd");
                                                                                                                                								asm("stosd");
                                                                                                                                								L22:
                                                                                                                                								_t102 = _t83;
                                                                                                                                								E70439BCD(_t83);
                                                                                                                                								goto L2;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						goto L33;
                                                                                                                                					}
                                                                                                                                					E70435060(_t99, _t83 + 0x1c, _t102, 0x101);
                                                                                                                                					_t86 = _v32 * 0x30;
                                                                                                                                					_v36 = _t102;
                                                                                                                                					_t103 = _t86 + 0x7043ea00;
                                                                                                                                					_v32 = _t103;
                                                                                                                                					while(1) {
                                                                                                                                						L18:
                                                                                                                                						__eflags =  *_t103;
                                                                                                                                						if( *_t103 == 0) {
                                                                                                                                							break;
                                                                                                                                						}
                                                                                                                                						_t59 =  *(_t103 + 1);
                                                                                                                                						__eflags = _t59;
                                                                                                                                						if(_t59 != 0) {
                                                                                                                                							_t100 =  *_t103 & 0x000000ff;
                                                                                                                                							_t67 = _t59 & 0x000000ff;
                                                                                                                                							while(1) {
                                                                                                                                								__eflags = _t100 - _t67;
                                                                                                                                								if(_t100 > _t67) {
                                                                                                                                									break;
                                                                                                                                								}
                                                                                                                                								_t24 = _v36 + 0x7043e9ec; // 0x0
                                                                                                                                								 *(_t83 + _t100 + 0x1d) =  *(_t83 + _t100 + 0x1d) |  *_t24;
                                                                                                                                								_t67 =  *(_t103 + 1) & 0x000000ff;
                                                                                                                                								_t100 = _t100 + 1;
                                                                                                                                								__eflags = _t100;
                                                                                                                                							}
                                                                                                                                							_t99 = _a4;
                                                                                                                                							_t103 = _t103 + 2;
                                                                                                                                							__eflags = _t103;
                                                                                                                                							continue;
                                                                                                                                						}
                                                                                                                                						break;
                                                                                                                                					}
                                                                                                                                					_v36 = _v36 + 1;
                                                                                                                                					_t103 = _v32 + 8;
                                                                                                                                					__eflags = _v36 - 4;
                                                                                                                                					_v32 = _t103;
                                                                                                                                					if(_v36 < 4) {
                                                                                                                                						goto L18;
                                                                                                                                					}
                                                                                                                                					 *(_t83 + 4) = _t99;
                                                                                                                                					 *(_t83 + 8) = 1;
                                                                                                                                					_t61 = E70439B30(_t99);
                                                                                                                                					 *(_t83 + 0xc) = _t61;
                                                                                                                                					_t62 = _t83 + 0x10;
                                                                                                                                					_t87 = _t86 + 0x7043e9f4;
                                                                                                                                					_t97 = 6;
                                                                                                                                					do {
                                                                                                                                						 *_t62 =  *_t87;
                                                                                                                                						_t87 = _t87 + 2;
                                                                                                                                						_t62 = _t62 + 2;
                                                                                                                                						_t97 = _t97 - 1;
                                                                                                                                						__eflags = _t97;
                                                                                                                                					} while (_t97 != 0);
                                                                                                                                					goto L22;
                                                                                                                                				} else {
                                                                                                                                					L1:
                                                                                                                                					L70439B64(_t83, _t114);
                                                                                                                                					L2:
                                                                                                                                					_t65 = 0;
                                                                                                                                				}
                                                                                                                                				L33:
                                                                                                                                				return E704347BF(_t65, _t83, _v8 ^ _t109, _t97, _t99, _t102);
                                                                                                                                			}


































                                                                                                                                0x70439fc6
                                                                                                                                0x70439fca
                                                                                                                                0x70439fd0
                                                                                                                                0x70439fd3
                                                                                                                                0x70439fd3
                                                                                                                                0x70439fd5
                                                                                                                                0x70439fd7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x70439fdd
                                                                                                                                0x70439fe1
                                                                                                                                0x7043a08f
                                                                                                                                0x7043a08f
                                                                                                                                0x7043a091
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043a089
                                                                                                                                0x7043a08e
                                                                                                                                0x7043a08e
                                                                                                                                0x7043a08e
                                                                                                                                0x7043a094
                                                                                                                                0x7043a095
                                                                                                                                0x7043a099
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043a099
                                                                                                                                0x70439fd3
                                                                                                                                0x7043a09f
                                                                                                                                0x7043a09f
                                                                                                                                0x7043a0a2
                                                                                                                                0x7043a0a7
                                                                                                                                0x7043a0a7
                                                                                                                                0x7043a0aa
                                                                                                                                0x7043a0ab
                                                                                                                                0x7043a0ab
                                                                                                                                0x7043a0ab
                                                                                                                                0x7043a0b6
                                                                                                                                0x7043a0b9
                                                                                                                                0x7043a0b9
                                                                                                                                0x7043a0cd
                                                                                                                                0x7043a0d0
                                                                                                                                0x7043a0d1
                                                                                                                                0x7043a0d2
                                                                                                                                0x7043a07d
                                                                                                                                0x7043a07d
                                                                                                                                0x7043a07f
                                                                                                                                0x00000000
                                                                                                                                0x7043a07f
                                                                                                                                0x70439f9c
                                                                                                                                0x00000000
                                                                                                                                0x70439f8d
                                                                                                                                0x70439ff3
                                                                                                                                0x70439ffe
                                                                                                                                0x7043a001
                                                                                                                                0x7043a004
                                                                                                                                0x7043a00a
                                                                                                                                0x7043a039
                                                                                                                                0x7043a039
                                                                                                                                0x7043a039
                                                                                                                                0x7043a03c
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043a00f
                                                                                                                                0x7043a012
                                                                                                                                0x7043a014
                                                                                                                                0x7043a016
                                                                                                                                0x7043a019
                                                                                                                                0x7043a030
                                                                                                                                0x7043a030
                                                                                                                                0x7043a032
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043a021
                                                                                                                                0x7043a027
                                                                                                                                0x7043a02b
                                                                                                                                0x7043a02f
                                                                                                                                0x7043a02f
                                                                                                                                0x7043a02f
                                                                                                                                0x7043a034
                                                                                                                                0x7043a038
                                                                                                                                0x7043a038
                                                                                                                                0x00000000
                                                                                                                                0x7043a038
                                                                                                                                0x00000000
                                                                                                                                0x7043a014
                                                                                                                                0x7043a041
                                                                                                                                0x7043a044
                                                                                                                                0x7043a047
                                                                                                                                0x7043a04b
                                                                                                                                0x7043a04e
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7043a052
                                                                                                                                0x7043a055
                                                                                                                                0x7043a05c
                                                                                                                                0x7043a063
                                                                                                                                0x7043a066
                                                                                                                                0x7043a069
                                                                                                                                0x7043a06f
                                                                                                                                0x7043a070
                                                                                                                                0x7043a074
                                                                                                                                0x7043a077
                                                                                                                                0x7043a079
                                                                                                                                0x7043a07a
                                                                                                                                0x7043a07a
                                                                                                                                0x7043a07a
                                                                                                                                0x00000000
                                                                                                                                0x70439f67
                                                                                                                                0x70439f67
                                                                                                                                0x70439f69
                                                                                                                                0x70439f6e
                                                                                                                                0x70439f6e
                                                                                                                                0x70439f6e
                                                                                                                                0x7043a0e4
                                                                                                                                0x7043a0f2

                                                                                                                                APIs
                                                                                                                                • getSystemCP.LIBCMT ref: 70439F57
                                                                                                                                  • Part of subcall function 70439EBB: GetOEMCP.KERNEL32(00000000,?), ref: 70439EE4
                                                                                                                                • GetCPInfo.KERNEL32(00000000,?,00000000,?,00000000), ref: 70439F94
                                                                                                                                • _memset.LIBCMT ref: 70439FAC
                                                                                                                                • setSBUpLow.LIBCMT ref: 7043A07F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoSystem_memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2125918154-0
                                                                                                                                • Opcode ID: cd3631350c06e17f7602a47b9b547e14f97419bba1470754b89115f977edbdb6
                                                                                                                                • Instruction ID: 8bab7bb433b64e38605e46a90002f8b66e075de3bbdd296c4c0158e44c6ece31
                                                                                                                                • Opcode Fuzzy Hash: cd3631350c06e17f7602a47b9b547e14f97419bba1470754b89115f977edbdb6
                                                                                                                                • Instruction Fuzzy Hash: 3751F8329401558FDB0ACF65C8806AEFBB4EF49344F54A46ED892FB286D33DD852CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 93%
                                                                                                                                			E70989FB7(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				void* _t19;
                                                                                                                                				intOrPtr _t22;
                                                                                                                                				intOrPtr _t23;
                                                                                                                                				intOrPtr _t24;
                                                                                                                                				intOrPtr _t25;
                                                                                                                                				intOrPtr _t26;
                                                                                                                                				intOrPtr _t27;
                                                                                                                                				intOrPtr _t28;
                                                                                                                                				intOrPtr _t29;
                                                                                                                                				intOrPtr _t30;
                                                                                                                                				void* _t50;
                                                                                                                                				void* _t51;
                                                                                                                                				void* _t56;
                                                                                                                                				LONG* _t58;
                                                                                                                                				intOrPtr* _t59;
                                                                                                                                				intOrPtr _t61;
                                                                                                                                				void* _t62;
                                                                                                                                				void* _t79;
                                                                                                                                
                                                                                                                                				_t57 = __edi;
                                                                                                                                				_t49 = __ebx;
                                                                                                                                				_push(8);
                                                                                                                                				_push(0x70993958);
                                                                                                                                				_t19 = E70988D28(__ebx, __edi, __esi);
                                                                                                                                				_t61 =  *((intOrPtr*)(_t62 + 8));
                                                                                                                                				if(_t61 != 0) {
                                                                                                                                					_t22 =  *((intOrPtr*)(_t61 + 0x28));
                                                                                                                                					_t66 = _t22;
                                                                                                                                					if(_t22 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t66);
                                                                                                                                						_t50 = _t22;
                                                                                                                                					}
                                                                                                                                					_t23 =  *((intOrPtr*)(_t61 + 0x2c));
                                                                                                                                					_t67 = _t23;
                                                                                                                                					if(_t23 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t67);
                                                                                                                                						_t50 = _t23;
                                                                                                                                					}
                                                                                                                                					_t24 =  *((intOrPtr*)(_t61 + 0x30));
                                                                                                                                					_t68 = _t24;
                                                                                                                                					if(_t24 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t68);
                                                                                                                                						_t50 = _t24;
                                                                                                                                					}
                                                                                                                                					_t25 =  *((intOrPtr*)(_t61 + 0x34));
                                                                                                                                					_t69 = _t25;
                                                                                                                                					if(_t25 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t69);
                                                                                                                                						_t50 = _t25;
                                                                                                                                					}
                                                                                                                                					_t26 =  *((intOrPtr*)(_t61 + 0x3c));
                                                                                                                                					_t70 = _t26;
                                                                                                                                					if(_t26 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t70);
                                                                                                                                						_t50 = _t26;
                                                                                                                                					}
                                                                                                                                					_t27 =  *((intOrPtr*)(_t61 + 0x40));
                                                                                                                                					_t71 = _t27;
                                                                                                                                					if(_t27 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t71);
                                                                                                                                						_t50 = _t27;
                                                                                                                                					}
                                                                                                                                					_t28 =  *((intOrPtr*)(_t61 + 0x44));
                                                                                                                                					_t72 = _t28;
                                                                                                                                					if(_t28 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t72);
                                                                                                                                						_t50 = _t28;
                                                                                                                                					}
                                                                                                                                					_t29 =  *((intOrPtr*)(_t61 + 0x48));
                                                                                                                                					_t73 = _t29;
                                                                                                                                					if(_t29 != 0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t73);
                                                                                                                                						_t50 = _t29;
                                                                                                                                					}
                                                                                                                                					_t30 =  *((intOrPtr*)(_t61 + 0x5c));
                                                                                                                                					_t74 = _t30 - 0x709960e0;
                                                                                                                                					if(_t30 != 0x709960e0) {
                                                                                                                                						E70988AB7(_t49, _t57, _t61, _t74);
                                                                                                                                						_t50 = _t30;
                                                                                                                                					}
                                                                                                                                					E7098DA52(_t49, _t50, _t56, _t57, 0xd);
                                                                                                                                					_pop(_t51);
                                                                                                                                					 *(_t62 - 4) =  *(_t62 - 4) & 0x00000000;
                                                                                                                                					_t58 =  *(_t61 + 0x68);
                                                                                                                                					if(_t58 != 0 && InterlockedDecrement(_t58) == 0) {
                                                                                                                                						_t77 = _t58 - 0x709961c0;
                                                                                                                                						if(_t58 != 0x709961c0) {
                                                                                                                                							E70988AB7(_t49, _t58, _t61, _t77);
                                                                                                                                							_t51 = _t58;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *(_t62 - 4) = 0xfffffffe;
                                                                                                                                					E7098A0ED();
                                                                                                                                					E7098DA52(_t49, _t51, _t56, _t58, 0xc);
                                                                                                                                					 *(_t62 - 4) = 1;
                                                                                                                                					_t59 =  *((intOrPtr*)(_t61 + 0x6c));
                                                                                                                                					if(_t59 != 0) {
                                                                                                                                						E7098C730(_t59);
                                                                                                                                						_t79 = _t59 -  *0x709967c8; // 0x709966f0
                                                                                                                                						if(_t79 != 0 && _t59 != 0x709966f0) {
                                                                                                                                							_t81 =  *_t59;
                                                                                                                                							if( *_t59 == 0) {
                                                                                                                                								E7098C54E(_t59);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *(_t62 - 4) = 0xfffffffe;
                                                                                                                                					E7098A0F9();
                                                                                                                                					_push(_t61);
                                                                                                                                					_t19 = E70988AB7(_t49, _t59, _t61, _t81);
                                                                                                                                				}
                                                                                                                                				return E70988D6D(_t19);
                                                                                                                                			}






















                                                                                                                                APIs
                                                                                                                                • __lock.LIBCMT ref: 7098A05F
                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 7098A071
                                                                                                                                • __lock.LIBCMT ref: 7098A098
                                                                                                                                • ___removelocaleref.LIBCMT ref: 7098A0AD
                                                                                                                                • ___freetlocinfo.LIBCMT ref: 7098A0C9
                                                                                                                                  • Part of subcall function 70988AB7: __lock.LIBCMT ref: 70988AD5
                                                                                                                                  • Part of subcall function 70988AB7: ___sbh_find_block.LIBCMT ref: 70988AE0
                                                                                                                                  • Part of subcall function 70988AB7: ___sbh_free_block.LIBCMT ref: 70988AEF
                                                                                                                                  • Part of subcall function 70988AB7: HeapFree.KERNEL32(00000000,70986DBD,70993878,0000000C,7098DA2E,00000000,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004,709938D8,0000000C), ref: 70988B1F
                                                                                                                                  • Part of subcall function 70988AB7: GetLastError.KERNEL32(?,70989180,00000004,709938D8,0000000C,7098EFB3,70986DBD,?,00000000,00000000,00000000,?,70989F4E,00000001,00000214), ref: 70988B30
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __lock$DecrementErrorFreeHeapInterlockedLast___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3046847140-0
                                                                                                                                • Opcode ID: 2520d9bc8128dfbc3b857016459b0df6d9492de6db72c0a1ef551ba0608f7c90
                                                                                                                                • Instruction ID: e1dd31353b7647c191b2f220b2efa1e50e7a8d9a741d8273d2c1af970d217dff
                                                                                                                                • Opcode Fuzzy Hash: 2520d9bc8128dfbc3b857016459b0df6d9492de6db72c0a1ef551ba0608f7c90
                                                                                                                                • Instruction Fuzzy Hash: D43138226047009FEA289E79A941B1FA3BC6F55764F20450EF857E77C0DFB8F8808527
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 012F01A7
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000030), ref: 012F01CB
                                                                                                                                • EVP_EncodeBlock.ADB(?,?,00000030), ref: 012F01E7
                                                                                                                                • EVP_EncodeBlock.ADB(?,?,00000030), ref: 012F0226
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 012F0265
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$BlockEncode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1702346251-0
                                                                                                                                • Opcode ID: 09a229425d137a6f936e6eb5fb7a0fc25584df90474494a48eed7db258bb0a40
                                                                                                                                • Instruction ID: 380c77c63d86c46aee435c961e419032945c3da0de6a875bb05db147512c4e9c
                                                                                                                                • Opcode Fuzzy Hash: 09a229425d137a6f936e6eb5fb7a0fc25584df90474494a48eed7db258bb0a40
                                                                                                                                • Instruction Fuzzy Hash: 3231B3796142058BD3148F58C884A2BF7EAEFD8354F19853CEA4987346E770D9048BA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 02a90280d5a94027a5e544ee55bec5326a89de7cab3ac9b2ba5568ccaa5472ca
                                                                                                                                • Instruction ID: bfa9238d90e4565e1541a74e7b3cfeac044c0a5cb356876b5a888cdc884b9c18
                                                                                                                                • Opcode Fuzzy Hash: 02a90280d5a94027a5e544ee55bec5326a89de7cab3ac9b2ba5568ccaa5472ca
                                                                                                                                • Instruction Fuzzy Hash: F1419EB1D043929BEB208F18C8457ABB7E4BBD9368F04462DF9C496681E7B1D944C792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E70985526(intOrPtr* __ecx) {
                                                                                                                                				long _v5;
                                                                                                                                				char _v9;
                                                                                                                                				char _v16;
                                                                                                                                				intOrPtr _v20;
                                                                                                                                				char _v28;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				WCHAR* _t18;
                                                                                                                                				long _t20;
                                                                                                                                				long _t26;
                                                                                                                                				char _t27;
                                                                                                                                				long _t28;
                                                                                                                                				long _t29;
                                                                                                                                				long _t30;
                                                                                                                                				char _t31;
                                                                                                                                				void* _t39;
                                                                                                                                				intOrPtr* _t40;
                                                                                                                                
                                                                                                                                				_t40 = __ecx;
                                                                                                                                				_t18 =  *(__ecx + 0x38);
                                                                                                                                				_t30 = 0;
                                                                                                                                				if(_t18 == 0) {
                                                                                                                                					_t18 = 0x709812f0;
                                                                                                                                				}
                                                                                                                                				_t39 = CreateFileW(_t18, 0xc0000000, 3, _t30, 3, _t30, _t30);
                                                                                                                                				if(_t39 != 0xffffffff) {
                                                                                                                                					_v5 = 1;
                                                                                                                                					_t20 = E7098545E(_t40, _t39);
                                                                                                                                					__eflags = _t20;
                                                                                                                                					if(_t20 == 0) {
                                                                                                                                						L7:
                                                                                                                                						_v5 = _t30;
                                                                                                                                						_t30 = GetLastError();
                                                                                                                                						L8:
                                                                                                                                						CloseHandle(_t39);
                                                                                                                                						__eflags = _t30;
                                                                                                                                						if(_t30 != 0) {
                                                                                                                                							SetLastError(_t30);
                                                                                                                                						}
                                                                                                                                						__eflags = _v5;
                                                                                                                                						if(_v5 != 0) {
                                                                                                                                							_t31 = 0;
                                                                                                                                							_v9 = 0;
                                                                                                                                							__eflags =  *(_t40 + 0x2f);
                                                                                                                                							if(__eflags <= 0) {
                                                                                                                                								L18:
                                                                                                                                								return E709868B8(_t31, _t40, _t39, _t40, __eflags);
                                                                                                                                							} else {
                                                                                                                                								goto L12;
                                                                                                                                							}
                                                                                                                                							while(1) {
                                                                                                                                								L12:
                                                                                                                                								_t26 =  *((intOrPtr*)( *_t40 + 0x20))(_v9,  &_v28);
                                                                                                                                								__eflags = _t26;
                                                                                                                                								if(_t26 == 0) {
                                                                                                                                									goto L3;
                                                                                                                                								}
                                                                                                                                								__eflags = _v20 - 3;
                                                                                                                                								if(_v20 == 3) {
                                                                                                                                									_t27 = _v16;
                                                                                                                                									__eflags = _t27;
                                                                                                                                									if(_t27 >= 0) {
                                                                                                                                										 *((char*)(_t40 + 0x46)) = _t31;
                                                                                                                                										 *((char*)(_t40 + 0x47)) = _t27;
                                                                                                                                									} else {
                                                                                                                                										 *((char*)(_t40 + 0x44)) = _t31;
                                                                                                                                										 *((char*)(_t40 + 0x45)) = _t27;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								_t31 = _t31 + 1;
                                                                                                                                								_v9 = _t31;
                                                                                                                                								__eflags = _t31 -  *(_t40 + 0x2f);
                                                                                                                                								if(__eflags < 0) {
                                                                                                                                									continue;
                                                                                                                                								} else {
                                                                                                                                									goto L18;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						goto L3;
                                                                                                                                					}
                                                                                                                                					_t28 = E70985492(_t40, _t39);
                                                                                                                                					__eflags = _t28;
                                                                                                                                					if(_t28 == 0) {
                                                                                                                                						goto L7;
                                                                                                                                					}
                                                                                                                                					_t29 = E709854C6(_t40, _t39);
                                                                                                                                					__eflags = _t29;
                                                                                                                                					if(_t29 != 0) {
                                                                                                                                						goto L8;
                                                                                                                                					}
                                                                                                                                					goto L7;
                                                                                                                                				} else {
                                                                                                                                					L3:
                                                                                                                                					return 0;
                                                                                                                                				}
                                                                                                                                			}


                                                                                                                                APIs
                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 7098554E
                                                                                                                                  • Part of subcall function 7098545E: DeviceIoControl.KERNEL32 ref: 7098547E
                                                                                                                                • GetLastError.KERNEL32 ref: 7098558D
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 70985596
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 709855A1
                                                                                                                                • ?CreateHandle@AdbObjectHandle@@UAEPAXXZ.ADBWINAPI ref: 709855F0
                                                                                                                                  • Part of subcall function 70985492: DeviceIoControl.KERNEL32 ref: 709854B2
                                                                                                                                  • Part of subcall function 709854C6: DeviceIoControl.KERNEL32 ref: 709854E6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ControlDevice$CreateErrorLast$CloseFileHandleHandle@Handle@@Object
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1732981816-0
                                                                                                                                • Opcode ID: bfa844ba29d4ed41f6f39c6bf6ef67ca59672116bd741907a9967ef9317dd921
                                                                                                                                • Instruction ID: 1131372e7f8a83d97fc72aa467e117fff86934845cbb0faadcf25d59b2c91f9c
                                                                                                                                • Opcode Fuzzy Hash: bfa844ba29d4ed41f6f39c6bf6ef67ca59672116bd741907a9967ef9317dd921
                                                                                                                                • Instruction Fuzzy Hash: E0214221608384BEDF128B788845BAEBBBF5F52545F0004ADF883A73D2C6669D4DC723
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 013DD5A4
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013DD5C8
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 013DD5EE
                                                                                                                                • AES_wrap_key.ADB(?,?,?,00000000,?), ref: 013DD603
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013DD60E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$L_freeL_mallocS_wrap_key
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3489752937-0
                                                                                                                                • Opcode ID: cb4ebf7024b15fb8211aea5814060cae661ce6f7da01f04221639e9bf112469d
                                                                                                                                • Instruction ID: d5f26c702447004ab66988baedf3e144a1e8b299cbbd32c58160b69cb7c2e04b
                                                                                                                                • Opcode Fuzzy Hash: cb4ebf7024b15fb8211aea5814060cae661ce6f7da01f04221639e9bf112469d
                                                                                                                                • Instruction Fuzzy Hash: 792197B2904305AFD3005F55EC44B5BBFE8EF9435CF85882CF4488B291E736D9548B92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 64%
                                                                                                                                			E70433084(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				signed int _t36;
                                                                                                                                				signed int _t40;
                                                                                                                                				signed int _t45;
                                                                                                                                				signed int* _t46;
                                                                                                                                				long _t52;
                                                                                                                                				intOrPtr _t55;
                                                                                                                                				intOrPtr* _t63;
                                                                                                                                				signed int _t64;
                                                                                                                                				intOrPtr* _t66;
                                                                                                                                				void* _t67;
                                                                                                                                
                                                                                                                                				_push(8);
                                                                                                                                				E7043480C(E7043C21D, __ebx, __edi, __esi);
                                                                                                                                				_t63 = __ecx;
                                                                                                                                				_push( *(_t67 + 0x1c));
                                                                                                                                				if( *((intOrPtr*)( *__ecx + 0x38))() == 0) {
                                                                                                                                					_t36 = 0;
                                                                                                                                				} else {
                                                                                                                                					 *(_t67 - 4) =  *(_t67 - 4) & 0x00000000;
                                                                                                                                					_push(0x2c);
                                                                                                                                					_t55 = E70433E9F();
                                                                                                                                					 *((intOrPtr*)(_t67 - 0x14)) = _t55;
                                                                                                                                					 *(_t67 - 4) = 1;
                                                                                                                                					if(_t55 == 0) {
                                                                                                                                						_t66 = 0;
                                                                                                                                					} else {
                                                                                                                                						_t66 = E70433962(_t55, _t63,  *((intOrPtr*)(_t67 + 0x10)),  *(_t67 + 0x18));
                                                                                                                                					}
                                                                                                                                					 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
                                                                                                                                					_t40 =  *((intOrPtr*)( *_t66 + 0xc))();
                                                                                                                                					 *(_t67 + 0x1c) =  *(_t67 + 0x1c) & 0x00000000;
                                                                                                                                					 *(_t67 + 0x18) = _t40;
                                                                                                                                					if(_t40 != 0) {
                                                                                                                                						_t17 = _t66 + 0x10; // 0x10
                                                                                                                                						_push(_t67 + 0x1c);
                                                                                                                                						_push( *((intOrPtr*)(_t67 + 0x10)));
                                                                                                                                						 *((char*)(_t67 + 8)) =  *((intOrPtr*)(_t63 + 0x14));
                                                                                                                                						_push( *((intOrPtr*)(_t67 + 0xc)));
                                                                                                                                						_push( *((intOrPtr*)(_t67 + 8)));
                                                                                                                                						_t45 =  *( *((intOrPtr*)(_t63 + 0x10)) + 0x48);
                                                                                                                                						_push(_t45);
                                                                                                                                						if( *((char*)(_t67 + 8)) == 0) {
                                                                                                                                							L7043C0D0();
                                                                                                                                						} else {
                                                                                                                                							L7043C0DC();
                                                                                                                                						}
                                                                                                                                						_t64 = _t45;
                                                                                                                                						_t46 =  *(_t67 + 0x14);
                                                                                                                                						if(_t46 != 0) {
                                                                                                                                							 *_t46 =  *(_t67 + 0x1c);
                                                                                                                                						}
                                                                                                                                						_t52 = GetLastError();
                                                                                                                                						if(_t64 == 0 && _t52 != 0x3e5) {
                                                                                                                                							 *((intOrPtr*)( *_t66 + 0x10))();
                                                                                                                                							 *(_t67 + 0x18) =  *(_t67 + 0x18) & _t64;
                                                                                                                                							SetLastError(_t52);
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					 *((intOrPtr*)( *_t66 + 8))();
                                                                                                                                					_t36 =  *(_t67 + 0x18);
                                                                                                                                				}
                                                                                                                                				return E70434885(_t36);
                                                                                                                                			}














                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 7043308B
                                                                                                                                  • Part of subcall function 70433E9F: _malloc.LIBCMT ref: 70433EB9
                                                                                                                                • WinUsb_ReadPipe.WINUSB(?,00000000,?,?,00000000,00000010), ref: 70433107
                                                                                                                                • WinUsb_WritePipe.WINUSB(?,00000000,?,?,00000000,00000010), ref: 7043310E
                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,00000000,00000010), ref: 70433121
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 70433140
                                                                                                                                  • Part of subcall function 70433962: ??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z.ADBWINAPI(?,?,?), ref: 70433973
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastPipeUsb_$Completion@@EndpointH_prolog3_catchObject@@ReadWrite_malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 357012945-0
                                                                                                                                • Opcode ID: f30b665404fd70a7498a7a0df9a1df0499f968ff2cad594fd93330d258f1340c
                                                                                                                                • Instruction ID: 192733c667652cbfb7dde0136e00c3e58038f04c7c93edf48a88d2246007628a
                                                                                                                                • Opcode Fuzzy Hash: f30b665404fd70a7498a7a0df9a1df0499f968ff2cad594fd93330d258f1340c
                                                                                                                                • Instruction Fuzzy Hash: EA218D31200205DFDF16CF64C849A9EBBB1AF0C356F60501CF852AB390CB78D911DBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 87%
                                                                                                                                			E70985747(void* __ecx, void _a4, void* _a8) {
                                                                                                                                				void _v5;
                                                                                                                                				long _v12;
                                                                                                                                				WCHAR* _t12;
                                                                                                                                				int _t17;
                                                                                                                                				signed int _t19;
                                                                                                                                				signed int _t20;
                                                                                                                                				long _t22;
                                                                                                                                				void* _t26;
                                                                                                                                
                                                                                                                                				_push(__ecx);
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t12 =  *(__ecx + 0x38);
                                                                                                                                				if(_t12 == 0) {
                                                                                                                                					_t12 = 0x709812f0;
                                                                                                                                				}
                                                                                                                                				_t26 = CreateFileW(_t12, 0x80000000, 3, 0, 3, 0, 0);
                                                                                                                                				if(_t26 != 0xffffffff) {
                                                                                                                                					_v5 = _a4;
                                                                                                                                					_v12 = 0;
                                                                                                                                					_t17 = DeviceIoControl(_t26, 0x224034,  &_v5, 1, _a8, 0x10,  &_v12, 0);
                                                                                                                                					_a4 = _t17;
                                                                                                                                					if(_t17 == 0) {
                                                                                                                                						_t22 = GetLastError();
                                                                                                                                					} else {
                                                                                                                                						_t22 = 0;
                                                                                                                                					}
                                                                                                                                					_t19 = CloseHandle(_t26);
                                                                                                                                					if(_t22 != 0) {
                                                                                                                                						SetLastError(_t22);
                                                                                                                                					}
                                                                                                                                					_t20 = _t19 & 0xffffff00 | _a4 != 0x00000000;
                                                                                                                                				} else {
                                                                                                                                					_t20 = 0;
                                                                                                                                				}
                                                                                                                                				return _t20;
                                                                                                                                			}












                                                                                                                                APIs
                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 7098576B
                                                                                                                                • DeviceIoControl.KERNEL32 ref: 7098579C
                                                                                                                                • GetLastError.KERNEL32 ref: 709857AD
                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 709857B6
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 709857C1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1177325624-0
                                                                                                                                • Opcode ID: bd6491c4d0d0b50ae300b1d70a9ee3130a9a9212d5a6fea0c68d7fb38d45e091
                                                                                                                                • Instruction ID: e5a736347470faa88661fb5aa71b77ce5bd63755aaf1764490c3246aa3d78dc3
                                                                                                                                • Opcode Fuzzy Hash: bd6491c4d0d0b50ae300b1d70a9ee3130a9a9212d5a6fea0c68d7fb38d45e091
                                                                                                                                • Instruction Fuzzy Hash: 3111C472605264FFC7225FA58C89FDF3F6DEB45BA1F208025FA16D63D0C270898997A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 27%
                                                                                                                                			E70984B29(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                				char _v8;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				long _t13;
                                                                                                                                				intOrPtr* _t14;
                                                                                                                                				void* _t26;
                                                                                                                                				intOrPtr* _t27;
                                                                                                                                				intOrPtr* _t30;
                                                                                                                                
                                                                                                                                				_t30 = __imp__SetupDiGetDeviceInterfaceDetailW;
                                                                                                                                				_push(0);
                                                                                                                                				_push( &_v8);
                                                                                                                                				_push(0);
                                                                                                                                				_push(0);
                                                                                                                                				_push(_a8);
                                                                                                                                				_v8 = 0;
                                                                                                                                				_push(_a4);
                                                                                                                                				if( *_t30() == 0) {
                                                                                                                                					_t13 = GetLastError();
                                                                                                                                					__eflags = _t13 - 0x7a;
                                                                                                                                					if(_t13 != 0x7a) {
                                                                                                                                						goto L1;
                                                                                                                                					} else {
                                                                                                                                						_push(_t26);
                                                                                                                                						_t27 = E70988B9E(0, _t26, _v8);
                                                                                                                                						__eflags = _t27;
                                                                                                                                						if(_t27 != 0) {
                                                                                                                                							 *_t27 = 6;
                                                                                                                                							__eflags =  *_t30(_a4, _a8, _t27, _v8,  &_v8, 0);
                                                                                                                                							if(__eflags == 0) {
                                                                                                                                								_push(_t27);
                                                                                                                                								E70988AB7(0, _t27, _t30, __eflags);
                                                                                                                                								goto L8;
                                                                                                                                							} else {
                                                                                                                                								 *_a12 = _t27;
                                                                                                                                								_t14 = 1;
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							SetLastError(0xe);
                                                                                                                                							L8:
                                                                                                                                							_t14 = 0;
                                                                                                                                							__eflags = 0;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					L1:
                                                                                                                                					_t14 = 0;
                                                                                                                                				}
                                                                                                                                				return _t14;
                                                                                                                                			}














                                                                                                                                APIs
                                                                                                                                • SetupDiGetDeviceInterfaceDetailW.SETUPAPI(0000001C,?,00000000,00000000,00000000,00000000), ref: 70984B49
                                                                                                                                • GetLastError.KERNEL32(?,?,70984CA6,?,?,00000000,00000008,70985101,?,0000001C,?), ref: 70984B53
                                                                                                                                • _malloc.LIBCMT ref: 70984B62
                                                                                                                                • SetLastError.KERNEL32(0000000E,?,?,?,70984CA6,?,?,00000000,00000008,70985101,?,0000001C,?), ref: 70984B70
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$DetailDeviceInterfaceSetup_malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1442153595-0
                                                                                                                                • Opcode ID: fbd6b6ab073cc201acbc610f44733561662b8ec9a1f69d9f953c4cbda1079dad
                                                                                                                                • Instruction ID: 16a406fc8ea0f162c7dec622d5f015a320e9c971d32fd17e8f31d48c66f9675f
                                                                                                                                • Opcode Fuzzy Hash: fbd6b6ab073cc201acbc610f44733561662b8ec9a1f69d9f953c4cbda1079dad
                                                                                                                                • Instruction Fuzzy Hash: 79016D72404108FFDB028F95CD84E9FBB7DEF41394B204426F50196390E7B1DE11AA72
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 95%
                                                                                                                                			E70986728(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				intOrPtr _t23;
                                                                                                                                				intOrPtr _t31;
                                                                                                                                				intOrPtr* _t46;
                                                                                                                                				void* _t47;
                                                                                                                                				void* _t50;
                                                                                                                                
                                                                                                                                				_push(0x14);
                                                                                                                                				E70988000(E70992EBF, __ebx, __edi, __esi);
                                                                                                                                				_t46 = __ecx;
                                                                                                                                				 *((intOrPtr*)(_t47 - 0x20)) = __ecx;
                                                                                                                                				 *((char*)(_t47 - 0x11)) = 0;
                                                                                                                                				 *((intOrPtr*)( *__ecx + 4))();
                                                                                                                                				EnterCriticalSection(0x70997144);
                                                                                                                                				_t23 =  *((intOrPtr*)(_t46 + 4));
                                                                                                                                				if(_t23 == 0) {
                                                                                                                                					SetLastError(6);
                                                                                                                                				} else {
                                                                                                                                					 *((intOrPtr*)(_t47 - 0x18)) = _t23;
                                                                                                                                					 *(_t47 - 4) = 0;
                                                                                                                                					E7098641F(0x70997134, _t47 - 0x1c, _t47 - 0x18);
                                                                                                                                					_t31 =  *((intOrPtr*)(_t47 - 0x1c));
                                                                                                                                					_t50 = _t31 -  *0x70997138; // 0x0
                                                                                                                                					if(_t50 == 0 || _t46 !=  *((intOrPtr*)(_t31 + 0x10))) {
                                                                                                                                						SetLastError(6);
                                                                                                                                					} else {
                                                                                                                                						E7098612F(0x70997134, _t47 - 0x1c, _t31);
                                                                                                                                						 *((intOrPtr*)(_t46 + 4)) = 0;
                                                                                                                                						 *((intOrPtr*)( *_t46 + 8))();
                                                                                                                                						 *((char*)(_t47 - 0x11)) = 1;
                                                                                                                                					}
                                                                                                                                					 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
                                                                                                                                				}
                                                                                                                                				LeaveCriticalSection(0x70997144);
                                                                                                                                				 *((intOrPtr*)( *_t46 + 8))();
                                                                                                                                				return E709880B4( *((intOrPtr*)(_t47 - 0x11)));
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 7098672F
                                                                                                                                • EnterCriticalSection.KERNEL32(70997144), ref: 70986748
                                                                                                                                • SetLastError.KERNEL32(00000006,?,?), ref: 709867B8
                                                                                                                                • SetLastError.KERNEL32(00000006), ref: 709867C6
                                                                                                                                • LeaveCriticalSection.KERNEL32(70997144), ref: 709867D1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalErrorLastSection$EnterH_prolog3_catchLeave
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1137805416-0
                                                                                                                                • Opcode ID: d461225ee88780ded5d1c4da37a195734bfc4919f933fdd626f3fc9fb6761329
                                                                                                                                • Instruction ID: 52e2d90ff243f3f12ee2412ccd568e53338588065adde6c5c7e014f13cfc8a0e
                                                                                                                                • Opcode Fuzzy Hash: d461225ee88780ded5d1c4da37a195734bfc4919f933fdd626f3fc9fb6761329
                                                                                                                                • Instruction Fuzzy Hash: 97119431A18345CFCB10DF94C895A9EFBF9AF48304F20419AE652EB3D1CB349845DBA6
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E7098AC1D() {
                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                				signed int _v16;
                                                                                                                                				union _LARGE_INTEGER _v20;
                                                                                                                                				signed int _t14;
                                                                                                                                				signed int _t16;
                                                                                                                                				signed int _t17;
                                                                                                                                				signed int _t18;
                                                                                                                                				signed int _t22;
                                                                                                                                				signed int _t23;
                                                                                                                                				signed int _t32;
                                                                                                                                
                                                                                                                                				_t14 =  *0x709960d0; // 0x6ee0df6e
                                                                                                                                				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
                                                                                                                                				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
                                                                                                                                				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
                                                                                                                                					GetSystemTimeAsFileTime( &_v12);
                                                                                                                                					_t16 = GetCurrentProcessId();
                                                                                                                                					_t17 = GetCurrentThreadId();
                                                                                                                                					_t18 = GetTickCount();
                                                                                                                                					QueryPerformanceCounter( &_v20);
                                                                                                                                					_t22 = _v16 ^ _v20.LowPart;
                                                                                                                                					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
                                                                                                                                					if(_t32 == 0xbb40e64e || ( *0x709960d0 & 0xffff0000) == 0) {
                                                                                                                                						_t32 = 0xbb40e64f;
                                                                                                                                					}
                                                                                                                                					 *0x709960d0 = _t32;
                                                                                                                                					 *0x709960d4 =  !_t32;
                                                                                                                                					return _t22;
                                                                                                                                				} else {
                                                                                                                                					_t23 =  !_t14;
                                                                                                                                					 *0x709960d4 = _t23;
                                                                                                                                					return _t23;
                                                                                                                                				}
                                                                                                                                			}














                                                                                                                                APIs
                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 7098AC54
                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 7098AC60
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 7098AC68
                                                                                                                                • GetTickCount.KERNEL32 ref: 7098AC70
                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 7098AC7C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                • Opcode ID: 64c6107070ad901c93a60dc2afcb64b351b15341a6dea2fff2811e5f3eadc961
                                                                                                                                • Instruction ID: fddebe5f4d61d4246965bacf003d8f9f32650136af653d4b82b7d3e83be7b1aa
                                                                                                                                • Opcode Fuzzy Hash: 64c6107070ad901c93a60dc2afcb64b351b15341a6dea2fff2811e5f3eadc961
                                                                                                                                • Instruction Fuzzy Hash: CF015E73D24224DFDB109FA7CD8879EB7BCBB48291F620626E903E7354D730A9409B91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 100%
                                                                                                                                			E70436DB3() {
                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                				signed int _v16;
                                                                                                                                				union _LARGE_INTEGER _v20;
                                                                                                                                				signed int _t14;
                                                                                                                                				signed int _t16;
                                                                                                                                				signed int _t17;
                                                                                                                                				signed int _t18;
                                                                                                                                				signed int _t22;
                                                                                                                                				signed int _t23;
                                                                                                                                				signed int _t32;
                                                                                                                                
                                                                                                                                				_t14 =  *0x7043e060; // 0x4d88bf16
                                                                                                                                				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
                                                                                                                                				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
                                                                                                                                				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
                                                                                                                                					GetSystemTimeAsFileTime( &_v12);
                                                                                                                                					_t16 = GetCurrentProcessId();
                                                                                                                                					_t17 = GetCurrentThreadId();
                                                                                                                                					_t18 = GetTickCount();
                                                                                                                                					QueryPerformanceCounter( &_v20);
                                                                                                                                					_t22 = _v16 ^ _v20.LowPart;
                                                                                                                                					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
                                                                                                                                					if(_t32 == 0xbb40e64e || ( *0x7043e060 & 0xffff0000) == 0) {
                                                                                                                                						_t32 = 0xbb40e64f;
                                                                                                                                					}
                                                                                                                                					 *0x7043e060 = _t32;
                                                                                                                                					 *0x7043e064 =  !_t32;
                                                                                                                                					return _t22;
                                                                                                                                				} else {
                                                                                                                                					_t23 =  !_t14;
                                                                                                                                					 *0x7043e064 = _t23;
                                                                                                                                					return _t23;
                                                                                                                                				}
                                                                                                                                			}














                                                                                                                                APIs
                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 70436DEA
                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 70436DF6
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 70436DFE
                                                                                                                                • GetTickCount.KERNEL32 ref: 70436E06
                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 70436E12
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                • Opcode ID: 8b8dde6b8ee81bc42c09a54e168908ef91aa409abe420984b53cd608eb25ce35
                                                                                                                                • Instruction ID: fa8dfb11635afecd73deb1cf0394686860c063a1723a6a192e52828092379376
                                                                                                                                • Opcode Fuzzy Hash: 8b8dde6b8ee81bc42c09a54e168908ef91aa409abe420984b53cd608eb25ce35
                                                                                                                                • Instruction Fuzzy Hash: A501A577D00224EFCB109BBAC94879EF7B4FB0C255FA21535D802F7264DB7499408740
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 88%
                                                                                                                                			E7098C09F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				LONG* _t22;
                                                                                                                                				void* _t27;
                                                                                                                                				void* _t31;
                                                                                                                                				void* _t33;
                                                                                                                                				LONG* _t35;
                                                                                                                                				void* _t36;
                                                                                                                                				void* _t37;
                                                                                                                                				void* _t41;
                                                                                                                                
                                                                                                                                				_t37 = __eflags;
                                                                                                                                				_t26 = __ebx;
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x70993b40);
                                                                                                                                				E70988D28(__ebx, __edi, __esi);
                                                                                                                                				_t33 = E70989F98(__ebx, _t37);
                                                                                                                                				if(( *(_t33 + 0x70) & 0x00000002) != 0 || ( *0x709966e4 & 0x00000001) == 0) {
                                                                                                                                					if( *((intOrPtr*)(_t33 + 0x6c)) != 0) {
                                                                                                                                						_t35 =  *(_t33 + 0x68);
                                                                                                                                						goto L11;
                                                                                                                                					}
                                                                                                                                					goto L3;
                                                                                                                                				} else {
                                                                                                                                					L3:
                                                                                                                                					E7098DA52(_t26, _t27, _t31, _t33, 0xd);
                                                                                                                                					 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
                                                                                                                                					_t35 =  *(_t33 + 0x68);
                                                                                                                                					 *(_t36 - 0x1c) = _t35;
                                                                                                                                					_t41 = _t35 -  *0x709965e8; // 0x709961c0
                                                                                                                                					if(_t41 != 0) {
                                                                                                                                						if(_t35 != 0 && InterlockedDecrement(_t35) == 0) {
                                                                                                                                							_t44 = _t35 - 0x709961c0;
                                                                                                                                							if(_t35 != 0x709961c0) {
                                                                                                                                								_push(_t35);
                                                                                                                                								E70988AB7(_t26, _t33, _t35, _t44);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_t22 =  *0x709965e8; // 0x709961c0
                                                                                                                                						 *(_t33 + 0x68) = _t22;
                                                                                                                                						_t35 =  *0x709965e8; // 0x709961c0
                                                                                                                                						 *(_t36 - 0x1c) = _t35;
                                                                                                                                						InterlockedIncrement(_t35);
                                                                                                                                					}
                                                                                                                                					 *(_t36 - 4) = 0xfffffffe;
                                                                                                                                					E7098C128();
                                                                                                                                					L11:
                                                                                                                                					if(_t35 == 0) {
                                                                                                                                						E709899B7(0x20);
                                                                                                                                					}
                                                                                                                                					return E70988D6D(_t35);
                                                                                                                                				}
                                                                                                                                			}












                                                                                                                                APIs
                                                                                                                                • __getptd.LIBCMT ref: 7098C0AB
                                                                                                                                  • Part of subcall function 70989F98: __amsg_exit.LIBCMT ref: 70989FA8
                                                                                                                                • __lock.LIBCMT ref: 7098C0C9
                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 7098C0E6
                                                                                                                                • InterlockedIncrement.KERNEL32(709961C0), ref: 7098C111
                                                                                                                                • __amsg_exit.LIBCMT ref: 7098C13C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3977897211-0
                                                                                                                                • Opcode ID: f088a6efe0462d6c76378fbf4fcedab14a5d1af61e6b86615eaf534e04750bd4
                                                                                                                                • Instruction ID: e08cfaf09e3a3a8e96979631baf788d6aeda2bb0648ce3f02757355bc4389bb9
                                                                                                                                • Opcode Fuzzy Hash: f088a6efe0462d6c76378fbf4fcedab14a5d1af61e6b86615eaf534e04750bd4
                                                                                                                                • Instruction Fuzzy Hash: B601AD73829721AFDB129F65880974DB7B86F40768F20411AE801773C1CB38A881DBD7
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 83%
                                                                                                                                			E709849D7(void* __ecx, WCHAR* _a4, long _a8, long _a12) {
                                                                                                                                				char _v8;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				void* _t15;
                                                                                                                                				signed int _t16;
                                                                                                                                				long _t18;
                                                                                                                                				void* _t20;
                                                                                                                                				signed int _t21;
                                                                                                                                				void* _t25;
                                                                                                                                				void* _t29;
                                                                                                                                
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t29 = __ecx;
                                                                                                                                				if(E70984AA1(_a8, _a12,  &_a8,  &_v8) != 0) {
                                                                                                                                					_t15 = CreateFileW(_a4, _a8, _a12, 0, 3, 0x40000000, 0);
                                                                                                                                					 *(_t29 + 0x18) = _t15;
                                                                                                                                					__eflags = _t15 - 0xffffffff;
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						goto L1;
                                                                                                                                					} else {
                                                                                                                                						_push(_t20);
                                                                                                                                						_t21 = E709868B8(_t20, _t29, _t25, _t29, __eflags);
                                                                                                                                						__eflags = _t21;
                                                                                                                                						if(_t21 == 0) {
                                                                                                                                							_push(_t25);
                                                                                                                                							_t18 = GetLastError();
                                                                                                                                							CloseHandle( *(_t29 + 0x18));
                                                                                                                                							_t10 = _t29 + 0x18;
                                                                                                                                							 *_t10 =  *(_t29 + 0x18) | 0xffffffff;
                                                                                                                                							__eflags =  *_t10;
                                                                                                                                							SetLastError(_t18);
                                                                                                                                						}
                                                                                                                                						_t16 = _t21;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					L1:
                                                                                                                                					_t16 = 0;
                                                                                                                                				}
                                                                                                                                				return _t16;
                                                                                                                                			}
















                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 70984AA1: SetLastError.KERNEL32(00000057,?,709849F3,?,?,?,?), ref: 70984AC1
                                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,00000003,40000000,00000000,?,?,?,?), ref: 70984A0F
                                                                                                                                • ?CreateHandle@AdbObjectHandle@@UAEPAXXZ.ADBWINAPI ref: 70984A20
                                                                                                                                • GetLastError.KERNEL32 ref: 70984A2C
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 70984A37
                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 70984A42
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Create$CloseFileHandleHandle@Handle@@Object
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1712000158-0
                                                                                                                                • Opcode ID: f39c4afe0f888e641fb15132285c176c863e0ef59653e7cbf058774ba518c558
                                                                                                                                • Instruction ID: e3d344299a29cec053ce1f80e3b939c003689fa2dec279e53569f2532ea8d821
                                                                                                                                • Opcode Fuzzy Hash: f39c4afe0f888e641fb15132285c176c863e0ef59653e7cbf058774ba518c558
                                                                                                                                • Instruction Fuzzy Hash: B401BC72100204BFDB225F61CC49F9E7BADEF44224F200229F916E63E0DBB19A51AA91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 89%
                                                                                                                                			E70439D65(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				LONG* _t22;
                                                                                                                                				void* _t27;
                                                                                                                                				void* _t31;
                                                                                                                                				void* _t33;
                                                                                                                                				LONG* _t35;
                                                                                                                                				void* _t36;
                                                                                                                                				void* _t37;
                                                                                                                                				void* _t41;
                                                                                                                                
                                                                                                                                				_t37 = __eflags;
                                                                                                                                				_t31 = __edx;
                                                                                                                                				_t27 = __ecx;
                                                                                                                                				_t26 = __ebx;
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x7043ca10);
                                                                                                                                				E70434970(__ebx, __edi, __esi);
                                                                                                                                				_t33 = E7043612E(__ebx, _t37);
                                                                                                                                				if(( *(_t33 + 0x70) & 0x00000002) != 0 || ( *0x7043ecc4 & 0x00000001) == 0) {
                                                                                                                                					if( *((intOrPtr*)(_t33 + 0x6c)) != 0) {
                                                                                                                                						_t35 =  *(_t33 + 0x68);
                                                                                                                                						goto L11;
                                                                                                                                					}
                                                                                                                                					goto L3;
                                                                                                                                				} else {
                                                                                                                                					L3:
                                                                                                                                					E7043857A(_t26, _t27, _t31, _t33, 0xd);
                                                                                                                                					 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
                                                                                                                                					_t35 =  *(_t33 + 0x68);
                                                                                                                                					 *(_t36 - 0x1c) = _t35;
                                                                                                                                					_t41 = _t35 -  *0x7043e9e8; // 0x7043e5c0
                                                                                                                                					if(_t41 != 0) {
                                                                                                                                						if(_t35 != 0 && InterlockedDecrement(_t35) == 0) {
                                                                                                                                							_t44 = _t35 - 0x7043e5c0;
                                                                                                                                							if(_t35 != 0x7043e5c0) {
                                                                                                                                								_push(_t35);
                                                                                                                                								E70435202(_t26, _t33, _t35, _t44);
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_t22 =  *0x7043e9e8; // 0x7043e5c0
                                                                                                                                						 *(_t33 + 0x68) = _t22;
                                                                                                                                						_t35 =  *0x7043e9e8; // 0x7043e5c0
                                                                                                                                						 *(_t36 - 0x1c) = _t35;
                                                                                                                                						InterlockedIncrement(_t35);
                                                                                                                                					}
                                                                                                                                					 *(_t36 - 4) = 0xfffffffe;
                                                                                                                                					E70439DEE();
                                                                                                                                					L11:
                                                                                                                                					if(_t35 == 0) {
                                                                                                                                						E70435B4D(0x20);
                                                                                                                                					}
                                                                                                                                					return E704349B5(_t35);
                                                                                                                                				}
                                                                                                                                			}












                                                                                                                                APIs
                                                                                                                                • __getptd.LIBCMT ref: 70439D71
                                                                                                                                  • Part of subcall function 7043612E: __amsg_exit.LIBCMT ref: 7043613E
                                                                                                                                • __lock.LIBCMT ref: 70439D8F
                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 70439DAC
                                                                                                                                • InterlockedIncrement.KERNEL32(7043E5C0), ref: 70439DD7
                                                                                                                                • __amsg_exit.LIBCMT ref: 70439E02
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3977897211-0
                                                                                                                                • Opcode ID: fa94dcd367205f14ea3909712865c2c3a32437b410f956904316188579abd4be
                                                                                                                                • Instruction ID: b8c74cda53f1161818adaa811033c1d81769184f5dbd801ae0c68d205ba4474d
                                                                                                                                • Opcode Fuzzy Hash: fa94dcd367205f14ea3909712865c2c3a32437b410f956904316188579abd4be
                                                                                                                                • Instruction Fuzzy Hash: D5018E32806611ABDB129B668C0778EFBB06F0C728FA53059E812773D4CB7C6D818BD5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 65%
                                                                                                                                			E70989F17(void* __ebx) {
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* _t10;
                                                                                                                                				long _t19;
                                                                                                                                				void* _t20;
                                                                                                                                
                                                                                                                                				_t19 = GetLastError();
                                                                                                                                				E70989DD9();
                                                                                                                                				_push( *0x70996170);
                                                                                                                                				_t20 =  *(TlsGetValue( *0x7099616c))();
                                                                                                                                				if(_t20 == 0) {
                                                                                                                                					_t20 = E7098EF9D(1, 0x214);
                                                                                                                                					if(_t20 != 0) {
                                                                                                                                						_push(_t20);
                                                                                                                                						_push( *0x70996170);
                                                                                                                                						_t10 =  *((intOrPtr*)(E70989D53( *0x709972ac)))();
                                                                                                                                						_t23 = _t10;
                                                                                                                                						if(_t10 == 0) {
                                                                                                                                							_push(_t20);
                                                                                                                                							E70988AB7(__ebx, _t19, _t20, __eflags);
                                                                                                                                							_t20 = 0;
                                                                                                                                							__eflags = 0;
                                                                                                                                						} else {
                                                                                                                                							_push(0);
                                                                                                                                							_push(_t20);
                                                                                                                                							E70989E4A(__ebx, _t19, _t20, _t23);
                                                                                                                                							 *(_t20 + 4) =  *(_t20 + 4) | 0xffffffff;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				SetLastError(_t19);
                                                                                                                                				return _t20;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(?,70986DBD,7098CA52,70988C5D,?,?,70986DBD,?), ref: 70989F1B
                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 70989F23
                                                                                                                                  • Part of subcall function 70989DD9: TlsGetValue.KERNEL32(70989F28,?,70986DBD,?), ref: 70989DDF
                                                                                                                                  • Part of subcall function 70989DD9: TlsSetValue.KERNEL32(00000000,70986DBD,?), ref: 70989DFC
                                                                                                                                • TlsGetValue.KERNEL32(?,70986DBD,?), ref: 70989F34
                                                                                                                                • __calloc_crt.LIBCMT ref: 70989F49
                                                                                                                                  • Part of subcall function 7098EF9D: __calloc_impl.LIBCMT ref: 7098EFAE
                                                                                                                                  • Part of subcall function 7098EF9D: Sleep.KERNEL32(00000000,?,70986DBD,?), ref: 7098EFC5
                                                                                                                                  • Part of subcall function 70989D53: TlsGetValue.KERNEL32(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D65
                                                                                                                                  • Part of subcall function 70989D53: TlsGetValue.KERNEL32(00000005,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989D7C
                                                                                                                                  • Part of subcall function 70989D53: RtlDecodePointer.NTDLL(70986DBD,?,7098980C,?,70988C57,70986DBD,?,?,70986DBD,?), ref: 70989DBB
                                                                                                                                  • Part of subcall function 70989E4A: GetModuleHandleW.KERNEL32(KERNELBASE.DLL,70993938,0000000C,70989F77,00000000,00000000,?,70986DBD,?), ref: 70989E61
                                                                                                                                  • Part of subcall function 70989E4A: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,70986DBD,?), ref: 70989E6F
                                                                                                                                  • Part of subcall function 70989E4A: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 70989E98
                                                                                                                                  • Part of subcall function 70989E4A: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 70989EA8
                                                                                                                                  • Part of subcall function 70989E4A: InterlockedIncrement.KERNEL32(709961C0), ref: 70989ECA
                                                                                                                                  • Part of subcall function 70989E4A: __lock.LIBCMT ref: 70989ED2
                                                                                                                                  • Part of subcall function 70989E4A: ___addlocaleref.LIBCMT ref: 70989EF1
                                                                                                                                • SetLastError.KERNEL32(00000000,?,70986DBD,?), ref: 70989F88
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Value$AddressErrorHandleLastModuleProc$DecodeIncrementInterlockedPointerSleep___addlocaleref___set_flsgetvalue__calloc_crt__calloc_impl__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2928469602-0
                                                                                                                                • Opcode ID: 42f310d323207119991df52b9a3a8a405908b10ad286384071f0f2fb27ef1a8a
                                                                                                                                • Instruction ID: 2cdff3582b464ce61d62056566cde0d1a312aa8bf5182c6d7460eb04ba0c4f4b
                                                                                                                                • Opcode Fuzzy Hash: 42f310d323207119991df52b9a3a8a405908b10ad286384071f0f2fb27ef1a8a
                                                                                                                                • Instruction Fuzzy Hash: ACF0283352D621AFC32617759C09B5E7A2DAF81671B380226F515F53F0CE21AC016692
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 65%
                                                                                                                                			E704360AD(void* __ebx) {
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* _t10;
                                                                                                                                				long _t19;
                                                                                                                                				void* _t20;
                                                                                                                                
                                                                                                                                				_t19 = GetLastError();
                                                                                                                                				E70435F6F();
                                                                                                                                				_push( *0x7043e0f8);
                                                                                                                                				_t20 =  *(TlsGetValue( *0x7043e0f4))();
                                                                                                                                				if(_t20 == 0) {
                                                                                                                                					_t20 = E7043A2BA(1, 0x214);
                                                                                                                                					if(_t20 != 0) {
                                                                                                                                						_push(_t20);
                                                                                                                                						_push( *0x7043e0f8);
                                                                                                                                						_t10 =  *((intOrPtr*)(E70435EE9( *0x7043ef14)))();
                                                                                                                                						_t23 = _t10;
                                                                                                                                						if(_t10 == 0) {
                                                                                                                                							_push(_t20);
                                                                                                                                							E70435202(__ebx, _t19, _t20, __eflags);
                                                                                                                                							_t20 = 0;
                                                                                                                                							__eflags = 0;
                                                                                                                                						} else {
                                                                                                                                							_push(0);
                                                                                                                                							_push(_t20);
                                                                                                                                							E70435FE0(__ebx, _t19, _t20, _t23);
                                                                                                                                							 *(_t20 + 4) =  *(_t20 + 4) | 0xffffffff;
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				SetLastError(_t19);
                                                                                                                                				return _t20;
                                                                                                                                			}









                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32(?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 704360B1
                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 704360B9
                                                                                                                                  • Part of subcall function 70435F6F: TlsGetValue.KERNEL32(704360BE,?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70435F75
                                                                                                                                  • Part of subcall function 70435F6F: TlsSetValue.KERNEL32(00000000,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70435F92
                                                                                                                                • TlsGetValue.KERNEL32(?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 704360CA
                                                                                                                                • __calloc_crt.LIBCMT ref: 704360DF
                                                                                                                                  • Part of subcall function 7043A2BA: __calloc_impl.LIBCMT ref: 7043A2CB
                                                                                                                                  • Part of subcall function 7043A2BA: Sleep.KERNEL32(00000000,?,70433EBE,00000000), ref: 7043A2E2
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435EFB
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(00000006,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F12
                                                                                                                                  • Part of subcall function 70435EE9: RtlDecodePointer.NTDLL(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F51
                                                                                                                                  • Part of subcall function 70435FE0: GetModuleHandleW.KERNEL32(KERNELBASE.DLL,7043C748,0000000C,7043610D,00000000,00000000,?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70435FF7
                                                                                                                                  • Part of subcall function 70435FE0: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 70436005
                                                                                                                                  • Part of subcall function 70435FE0: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 7043602E
                                                                                                                                  • Part of subcall function 70435FE0: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 7043603E
                                                                                                                                  • Part of subcall function 70435FE0: InterlockedIncrement.KERNEL32(7043E5C0), ref: 70436060
                                                                                                                                  • Part of subcall function 70435FE0: __lock.LIBCMT ref: 70436068
                                                                                                                                  • Part of subcall function 70435FE0: ___addlocaleref.LIBCMT ref: 70436087
                                                                                                                                • SetLastError.KERNEL32(00000000,?,70433EBE,704392FB,704351F2,?,?,70433EBE,00000000), ref: 7043611E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Value$AddressErrorHandleLastModuleProc$DecodeIncrementInterlockedPointerSleep___addlocaleref___set_flsgetvalue__calloc_crt__calloc_impl__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2928469602-0
                                                                                                                                • Opcode ID: 32eaae081120e7ef20f55a81db6907f8bdb4ddf287aa7ba93c97de17523b0e2c
                                                                                                                                • Instruction ID: 4a0ab19f963625522d80d5ada8ec7697e8980dc0da0aa2d8982e03a6645bc822
                                                                                                                                • Opcode Fuzzy Hash: 32eaae081120e7ef20f55a81db6907f8bdb4ddf287aa7ba93c97de17523b0e2c
                                                                                                                                • Instruction Fuzzy Hash: A8F0F4334025326FD61617769C0BB9EFF349B496A4F626128F525B22F2DE6988124AA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 47%
                                                                                                                                			E70988AB7(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				intOrPtr* _t10;
                                                                                                                                				intOrPtr _t13;
                                                                                                                                				void* _t16;
                                                                                                                                				void* _t22;
                                                                                                                                				intOrPtr _t25;
                                                                                                                                				void* _t27;
                                                                                                                                
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x70993878);
                                                                                                                                				_t8 = E70988D28(__ebx, __edi, __esi);
                                                                                                                                				_t25 =  *((intOrPtr*)(_t27 + 8));
                                                                                                                                				if(_t25 == 0) {
                                                                                                                                					L9:
                                                                                                                                					return E70988D6D(_t8);
                                                                                                                                				}
                                                                                                                                				if( *0x70998d20 != 3) {
                                                                                                                                					_push(_t25);
                                                                                                                                					L7:
                                                                                                                                					_t8 = HeapFree( *0x709973c4, 0, ??);
                                                                                                                                					_t33 = _t8;
                                                                                                                                					if(_t8 == 0) {
                                                                                                                                						_t10 = E7098CA4D(_t33);
                                                                                                                                						 *_t10 = E7098CA06(GetLastError());
                                                                                                                                					}
                                                                                                                                					goto L9;
                                                                                                                                				}
                                                                                                                                				E7098DA52(__ebx, _t16, _t22, __edi, 4);
                                                                                                                                				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
                                                                                                                                				_t13 = E7098DADD(_t25);
                                                                                                                                				 *((intOrPtr*)(_t27 - 0x1c)) = _t13;
                                                                                                                                				if(_t13 != 0) {
                                                                                                                                					_push(_t25);
                                                                                                                                					_push(_t13);
                                                                                                                                					E7098DB12();
                                                                                                                                				}
                                                                                                                                				 *(_t27 - 4) = 0xfffffffe;
                                                                                                                                				_t8 = E70988B0D();
                                                                                                                                				if( *((intOrPtr*)(_t27 - 0x1c)) != 0) {
                                                                                                                                					goto L9;
                                                                                                                                				} else {
                                                                                                                                					_push( *((intOrPtr*)(_t27 + 8)));
                                                                                                                                					goto L7;
                                                                                                                                				}
                                                                                                                                			}










                                                                                                                                APIs
                                                                                                                                • __lock.LIBCMT ref: 70988AD5
                                                                                                                                  • Part of subcall function 7098DA52: __mtinitlocknum.LIBCMT ref: 7098DA68
                                                                                                                                  • Part of subcall function 7098DA52: __amsg_exit.LIBCMT ref: 7098DA74
                                                                                                                                  • Part of subcall function 7098DA52: EnterCriticalSection.KERNEL32(?,?,?,70989180,00000004,709938D8,0000000C,7098EFB3,70986DBD,?,00000000,00000000,00000000,?,70989F4E,00000001), ref: 7098DA7C
                                                                                                                                • ___sbh_find_block.LIBCMT ref: 70988AE0
                                                                                                                                • ___sbh_free_block.LIBCMT ref: 70988AEF
                                                                                                                                • HeapFree.KERNEL32(00000000,70986DBD,70993878,0000000C,7098DA2E,00000000,70993BA0,0000000C,7098DA6D,70986DBD,?,?,70989180,00000004,709938D8,0000000C), ref: 70988B1F
                                                                                                                                • GetLastError.KERNEL32(?,70989180,00000004,709938D8,0000000C,7098EFB3,70986DBD,?,00000000,00000000,00000000,?,70989F4E,00000001,00000214), ref: 70988B30
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2714421763-0
                                                                                                                                • Opcode ID: f8dc93b48d6c1a7ed496f7bc655e35affe0f2ecbcc3f6345c0c43e3fbd39e281
                                                                                                                                • Instruction ID: 776385130ea302a9b21fdd9606354455eb869f744a80845842686d4b68877232
                                                                                                                                • Opcode Fuzzy Hash: f8dc93b48d6c1a7ed496f7bc655e35affe0f2ecbcc3f6345c0c43e3fbd39e281
                                                                                                                                • Instruction Fuzzy Hash: 9301A2B2905305EEDB259FB19C06B4FBBBCAF403A8F204119F405AA3C0DB35A8409B67
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 47%
                                                                                                                                			E70435202(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				intOrPtr* _t10;
                                                                                                                                				intOrPtr _t13;
                                                                                                                                				void* _t16;
                                                                                                                                				void* _t22;
                                                                                                                                				intOrPtr _t25;
                                                                                                                                				void* _t27;
                                                                                                                                
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x7043c6c8);
                                                                                                                                				_t8 = E70434970(__ebx, __edi, __esi);
                                                                                                                                				_t25 =  *((intOrPtr*)(_t27 + 8));
                                                                                                                                				if(_t25 == 0) {
                                                                                                                                					L9:
                                                                                                                                					return E704349B5(_t8);
                                                                                                                                				}
                                                                                                                                				if( *0x7043f95c != 3) {
                                                                                                                                					_push(_t25);
                                                                                                                                					L7:
                                                                                                                                					_t8 = HeapFree( *0x7043f02c, 0, ??);
                                                                                                                                					_t33 = _t8;
                                                                                                                                					if(_t8 == 0) {
                                                                                                                                						_t10 = E704392F6(_t33);
                                                                                                                                						 *_t10 = E704392AF(GetLastError());
                                                                                                                                					}
                                                                                                                                					goto L9;
                                                                                                                                				}
                                                                                                                                				E7043857A(__ebx, _t16, _t22, __edi, 4);
                                                                                                                                				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
                                                                                                                                				_t13 = E70438605(_t25);
                                                                                                                                				 *((intOrPtr*)(_t27 - 0x1c)) = _t13;
                                                                                                                                				if(_t13 != 0) {
                                                                                                                                					_push(_t25);
                                                                                                                                					_push(_t13);
                                                                                                                                					E7043863A();
                                                                                                                                				}
                                                                                                                                				 *(_t27 - 4) = 0xfffffffe;
                                                                                                                                				_t8 = E70435258();
                                                                                                                                				if( *((intOrPtr*)(_t27 - 0x1c)) != 0) {
                                                                                                                                					goto L9;
                                                                                                                                				} else {
                                                                                                                                					_push( *((intOrPtr*)(_t27 + 8)));
                                                                                                                                					goto L7;
                                                                                                                                				}
                                                                                                                                			}










                                                                                                                                APIs
                                                                                                                                • __lock.LIBCMT ref: 70435220
                                                                                                                                  • Part of subcall function 7043857A: __mtinitlocknum.LIBCMT ref: 70438590
                                                                                                                                  • Part of subcall function 7043857A: __amsg_exit.LIBCMT ref: 7043859C
                                                                                                                                  • Part of subcall function 7043857A: EnterCriticalSection.KERNEL32(?,?,?,70435316,00000004,7043C6E8,0000000C,7043A2D0,70433EBE,?,00000000,00000000,00000000,?,704360E4,00000001), ref: 704385A4
                                                                                                                                • ___sbh_find_block.LIBCMT ref: 7043522B
                                                                                                                                • ___sbh_free_block.LIBCMT ref: 7043523A
                                                                                                                                • HeapFree.KERNEL32(00000000,70433EBE,7043C6C8,0000000C,70438556,00000000,7043C990,0000000C,70438595,70433EBE,?,?,70435316,00000004,7043C6E8,0000000C), ref: 7043526A
                                                                                                                                • GetLastError.KERNEL32(?,70435316,00000004,7043C6E8,0000000C,7043A2D0,70433EBE,?,00000000,00000000,00000000,?,704360E4,00000001,00000214), ref: 7043527B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2714421763-0
                                                                                                                                • Opcode ID: 6401adee16e863dfea1a0594384ba59953c9c07bb8b09e121f4e1c3c2e429f71
                                                                                                                                • Instruction ID: e73a9330e9a7b4a8375016b109fc848fd6671d3145385c6f942c2d8a2e88be69
                                                                                                                                • Opcode Fuzzy Hash: 6401adee16e863dfea1a0594384ba59953c9c07bb8b09e121f4e1c3c2e429f71
                                                                                                                                • Instruction Fuzzy Hash: 86012C72805305EEDB215BB19C0A74FFFB4AF4D269FA0615DF405B6190CB7CA9408E54
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006D,external/boringssl/src/crypto/fipsmodule/bn/shift.c,0000009E), ref: 013E23FB
                                                                                                                                  • Part of subcall function 013DF4E0: ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013E2430
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?), ref: 013E244D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/shift.c, xrefs: 013E23F0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$memmovememset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/shift.c
                                                                                                                                • API String ID: 2992650237-807000404
                                                                                                                                • Opcode ID: 03fe94c9e26d5cdd43d2e2007d6e1060f0cf6cac212310f4f676f88e24011fd4
                                                                                                                                • Instruction ID: 631c8e4340d54eb717fb65b0d724e1a30acf559d1ab510a843a52b21cf879c25
                                                                                                                                • Opcode Fuzzy Hash: 03fe94c9e26d5cdd43d2e2007d6e1060f0cf6cac212310f4f676f88e24011fd4
                                                                                                                                • Instruction Fuzzy Hash: F1717D75A083169FD724DF1DC484A2AB7E9FF98308F048A2DE999A7391D730B805CF41
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 54%
                                                                                                                                			E7098A8AD(void* __ecx) {
                                                                                                                                				struct HINSTANCE__* _v8;
                                                                                                                                				CHAR* _v12;
                                                                                                                                				struct HINSTANCE__* _v16;
                                                                                                                                				char _v20;
                                                                                                                                				char _v24;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				intOrPtr* _t31;
                                                                                                                                				signed int _t35;
                                                                                                                                				signed int _t37;
                                                                                                                                				signed int _t40;
                                                                                                                                				signed int _t52;
                                                                                                                                				signed int _t53;
                                                                                                                                				void* _t54;
                                                                                                                                				void* _t57;
                                                                                                                                				signed int _t58;
                                                                                                                                
                                                                                                                                				_t51 = __ecx;
                                                                                                                                				_v8 = 0;
                                                                                                                                				_v16 = 0;
                                                                                                                                				if( *0x70998e4c == 0) {
                                                                                                                                					E7098C52B(__ecx);
                                                                                                                                				}
                                                                                                                                				 *0x709973bc = 0;
                                                                                                                                				GetModuleFileNameA(0, 0x709972b8, 0x104);
                                                                                                                                				_t31 =  *0x70998e5c;
                                                                                                                                				 *0x70997290 = 0x709972b8;
                                                                                                                                				if(_t31 == 0) {
                                                                                                                                					L4:
                                                                                                                                					_v12 = 0x709972b8;
                                                                                                                                					goto L5;
                                                                                                                                				} else {
                                                                                                                                					_v12 = _t31;
                                                                                                                                					if( *_t31 != 0) {
                                                                                                                                						L5:
                                                                                                                                						E7098A6C6(_t51,  &_v16, _v12, 0, 0,  &_v8);
                                                                                                                                						_t61 = _v8;
                                                                                                                                						_push( &_v24);
                                                                                                                                						_t52 = 4;
                                                                                                                                						_t35 = _v8;
                                                                                                                                						_push(_t35 * _t52 >> 0x20);
                                                                                                                                						_push(_t35 * _t52);
                                                                                                                                						_t37 = E7098A696();
                                                                                                                                						if(_t37 < 0) {
                                                                                                                                							L10:
                                                                                                                                							return _t37 | 0xffffffff;
                                                                                                                                						}
                                                                                                                                						_push( &_v20);
                                                                                                                                						_t40 = _v16;
                                                                                                                                						_t53 = 4;
                                                                                                                                						_push(_t40 * _t53 >> 0x20);
                                                                                                                                						_push(_t40 * _t53);
                                                                                                                                						_t37 = E7098A696();
                                                                                                                                						if(_t37 < 0) {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                						_t37 = E70989488(_v24, _v20,  &_v24);
                                                                                                                                						if(_t37 < 0) {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                						_t37 = E70988B9E(0, _t57, _v24);
                                                                                                                                						_t58 = _t37;
                                                                                                                                						_pop(_t54);
                                                                                                                                						if(_t58 == 0) {
                                                                                                                                							goto L10;
                                                                                                                                						}
                                                                                                                                						E7098A6C6(_t54,  &_v16, _v12, _t58, _t58 + _t61 * 4,  &_v8);
                                                                                                                                						 *0x70997274 = _v8 - 1;
                                                                                                                                						 *0x70997278 = _t58;
                                                                                                                                						return 0;
                                                                                                                                					}
                                                                                                                                					goto L4;
                                                                                                                                				}
                                                                                                                                			}





















                                                                                                                                APIs
                                                                                                                                • ___initmbctable.LIBCMT ref: 7098A8C8
                                                                                                                                  • Part of subcall function 7098C52B: __setmbcp.LIBCMT ref: 7098C536
                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe,00000104,?,?,?,?,?,70987706), ref: 7098A8DF
                                                                                                                                • _malloc.LIBCMT ref: 7098A95E
                                                                                                                                Strings
                                                                                                                                • C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe, xrefs: 7098A8D2, 7098A8D7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileModuleName___initmbctable__setmbcp_malloc
                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\SideQuest\platform-tools\adb.exe
                                                                                                                                • API String ID: 2586856902-586454177
                                                                                                                                • Opcode ID: 86e6bc5109616e97f6e3234e527b4406f2aa2f31be4eb44dd46429ebb220c8d5
                                                                                                                                • Instruction ID: 126593d4996dc2b12ca6ddce744dc74d5ef95fdea4f240f01c045f2367cbaf81
                                                                                                                                • Opcode Fuzzy Hash: 86e6bc5109616e97f6e3234e527b4406f2aa2f31be4eb44dd46429ebb220c8d5
                                                                                                                                • Instruction Fuzzy Hash: 0C319AB2D14149BFEB01DFA6CD41AAEB77CEB44214F144479F515E3390E631AE049B62
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000070,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,000000A4), ref: 013F29C0
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F29D4
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F29E7
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/aead.c, xrefs: 013F29B5, 013F2A15
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memset$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/aead.c
                                                                                                                                • API String ID: 3099655129-2050848870
                                                                                                                                • Opcode ID: b4cd72679223aedfa3400c7f19caf68cb342611773034d508ec876f44620cf3f
                                                                                                                                • Instruction ID: 56ea02b8f3c91bd2f8c0e3e22f46e9d4e8fc3d00207bda5db2716935c7389736
                                                                                                                                • Opcode Fuzzy Hash: b4cd72679223aedfa3400c7f19caf68cb342611773034d508ec876f44620cf3f
                                                                                                                                • Instruction Fuzzy Hash: 9C219F72604305EBEA209A19CD40F2FBBA9EFC5B88F14451DF785A7245D672EC208B63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000067,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,0000007D), ref: 013F28C5
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F28D7
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000073,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,00000082), ref: 013F2914
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$memset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/aead.c
                                                                                                                                • API String ID: 3389987327-2050848870
                                                                                                                                • Opcode ID: de51ea56ceeb0e68d01d461511b3c4e325895bdd392e1394beaf13a68f899e07
                                                                                                                                • Instruction ID: 7a2d7fd0b377d3eb418bb366aac510e66b094637f8055858f88f40d6b20afc1b
                                                                                                                                • Opcode Fuzzy Hash: de51ea56ceeb0e68d01d461511b3c4e325895bdd392e1394beaf13a68f899e07
                                                                                                                                • Instruction Fuzzy Hash: CD21B472A88354FBDB606A548C01F1BBBE8AB94B08F45491CFB89372D1C2B5ED10C762
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E70434EFA(intOrPtr _a4) {
                                                                                                                                				intOrPtr _v8;
                                                                                                                                				void* __ebx;
                                                                                                                                				void* __ecx;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				intOrPtr _t10;
                                                                                                                                				intOrPtr _t11;
                                                                                                                                				void* _t18;
                                                                                                                                				void* _t19;
                                                                                                                                				void* _t20;
                                                                                                                                				intOrPtr _t21;
                                                                                                                                				intOrPtr _t25;
                                                                                                                                				void* _t26;
                                                                                                                                				void* _t29;
                                                                                                                                				void* _t37;
                                                                                                                                				signed int _t41;
                                                                                                                                				intOrPtr _t42;
                                                                                                                                				intOrPtr* _t46;
                                                                                                                                
                                                                                                                                				_t10 =  *0x7043fa88; // 0xbbc181ff
                                                                                                                                				if(_t10 == 0 ||  *0x7043fa84 == 0) {
                                                                                                                                					L13:
                                                                                                                                					_t11 = 0;
                                                                                                                                					__eflags = 0;
                                                                                                                                				} else {
                                                                                                                                					_t25 = E70435EE9(_t10);
                                                                                                                                					_v8 = _t25;
                                                                                                                                					_t46 = E70435EE9( *0x7043fa84);
                                                                                                                                					_pop(_t29);
                                                                                                                                					if(_t46 < _t25) {
                                                                                                                                						goto L13;
                                                                                                                                					} else {
                                                                                                                                						_t41 = _t46 - _t25;
                                                                                                                                						_t2 = _t41 + 4; // 0x4
                                                                                                                                						_t51 = _t2 - 4;
                                                                                                                                						if(_t2 < 4) {
                                                                                                                                							goto L13;
                                                                                                                                						} else {
                                                                                                                                							_push(_t25);
                                                                                                                                							_t26 = E7043824C(_t25, _t29, _t37, _t41, _t46, _t51);
                                                                                                                                							_t3 = _t41 + 4; // 0x4
                                                                                                                                							if(_t26 >= _t3) {
                                                                                                                                								L12:
                                                                                                                                								_t42 = _a4;
                                                                                                                                								 *_t46 = _t42;
                                                                                                                                								 *0x7043fa84 = E70435E63(_t46 + 4);
                                                                                                                                								_t11 = _t42;
                                                                                                                                							} else {
                                                                                                                                								_t18 = 0x800;
                                                                                                                                								if(_t26 < 0x800) {
                                                                                                                                									_t18 = _t26;
                                                                                                                                								}
                                                                                                                                								_t19 = _t18 + _t26;
                                                                                                                                								_t54 = _t19 - _t26;
                                                                                                                                								if(_t19 < _t26) {
                                                                                                                                									L9:
                                                                                                                                									_t20 = _t26 + 0x10;
                                                                                                                                									_t56 = _t20 - _t26;
                                                                                                                                									if(_t20 < _t26) {
                                                                                                                                										goto L13;
                                                                                                                                									} else {
                                                                                                                                										_push(_t20);
                                                                                                                                										_push(_v8);
                                                                                                                                										_t21 = E704353FE(_t26, _t41, _t46, _t56);
                                                                                                                                										if(_t21 == 0) {
                                                                                                                                											goto L13;
                                                                                                                                										} else {
                                                                                                                                											goto L11;
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									_push(_t19);
                                                                                                                                									_push(_v8);
                                                                                                                                									_t21 = E704353FE(_t26, _t41, _t46, _t54);
                                                                                                                                									if(_t21 != 0) {
                                                                                                                                										L11:
                                                                                                                                										_t46 = _t21 + (_t41 >> 2) * 4;
                                                                                                                                										 *0x7043fa88 = E70435E63(_t21);
                                                                                                                                										goto L12;
                                                                                                                                									} else {
                                                                                                                                										goto L9;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return _t11;
                                                                                                                                			}























                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435EFB
                                                                                                                                  • Part of subcall function 70435EE9: TlsGetValue.KERNEL32(00000006,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F12
                                                                                                                                  • Part of subcall function 70435EE9: RtlDecodePointer.NTDLL(70433EBE,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F51
                                                                                                                                  • Part of subcall function 70435EE9: GetModuleHandleW.KERNEL32(KERNELBASE.DLL,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F2D
                                                                                                                                  • Part of subcall function 70435EE9: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,7043599C,?,704351EC,70433EBE,?,?,70433EBE,00000000), ref: 70435F38
                                                                                                                                  • Part of subcall function 70435EE9: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 70435F44
                                                                                                                                • __msize.LIBCMT ref: 70434F48
                                                                                                                                • _realloc.LIBCMT ref: 70434F6C
                                                                                                                                • _realloc.LIBCMT ref: 70434F82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleValue_realloc$AddressDecodePointerProc__msize
                                                                                                                                • String ID: >Cp
                                                                                                                                • API String ID: 2129403829-2398856214
                                                                                                                                • Opcode ID: d880f40b935c55504ea45a48c19beffdb16b2e5bfb05b595668e034b90f482a4
                                                                                                                                • Instruction ID: 3b34ca6bd5248cd1db07bef5fb3ef653d5cd84cf7bf0b4e6f5a716cbb0efff7f
                                                                                                                                • Opcode Fuzzy Hash: d880f40b935c55504ea45a48c19beffdb16b2e5bfb05b595668e034b90f482a4
                                                                                                                                • Instruction Fuzzy Hash: D811B773204201AFDB019B659D829CEFBE9DB8D164FA4243EF846F3240EAB9F9408650
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SHA512_Update.ADB(?,?,?), ref: 013F8A5D
                                                                                                                                  • Part of subcall function 01411750: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,013F8A62,?,?,?), ref: 014117AA
                                                                                                                                • SHA512_Final.ADB(?), ref: 013F8A67
                                                                                                                                  • Part of subcall function 01411840: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,0000007F,?,?,?,013F8A6C,?), ref: 0141186E
                                                                                                                                  • Part of subcall function 01411840: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,00000070,?,?,?,013F8A6C,?), ref: 0141189B
                                                                                                                                • OPENSSL_cleanse.ADB(?,000000D8), ref: 013F8A75
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A512_memset$FinalL_cleanseUpdatememcpy
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 278196808-4108050209
                                                                                                                                • Opcode ID: 23e65f1c75fcceff600da4e70fbc297f890dcf71dd0a3b27eaffb96eca2e853f
                                                                                                                                • Instruction ID: 30d4632f0f8aed08e3e66624060b8023de7ccf7cda1fa1c0cb9a10a1d4613595
                                                                                                                                • Opcode Fuzzy Hash: 23e65f1c75fcceff600da4e70fbc297f890dcf71dd0a3b27eaffb96eca2e853f
                                                                                                                                • Instruction Fuzzy Hash: 8F418DB14097808BF3209F15D92979BBBF4BFD5348F009A0CE9D81A2A1D7BA5558CF92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SHA512_Update.ADB(?,?,?), ref: 013F8C4D
                                                                                                                                  • Part of subcall function 01411750: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,013F8A62,?,?,?), ref: 014117AA
                                                                                                                                • SHA512_Final.ADB(?), ref: 013F8C57
                                                                                                                                  • Part of subcall function 01411840: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,0000007F,?,?,?,013F8A6C,?), ref: 0141186E
                                                                                                                                  • Part of subcall function 01411840: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,00000070,?,?,?,013F8A6C,?), ref: 0141189B
                                                                                                                                • OPENSSL_cleanse.ADB(?,000000D8), ref: 013F8C65
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A512_memset$FinalL_cleanseUpdatememcpy
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 278196808-2766056989
                                                                                                                                • Opcode ID: 36dd9176e117a50155cd5ad05e3b7391a9d203a3e4cc1904cbb5ff9572330ad6
                                                                                                                                • Instruction ID: 9a0b4d69b7b8d464549641d23cdcb0b3696838cfb1d8360d0deaeed3f1ab1572
                                                                                                                                • Opcode Fuzzy Hash: 36dd9176e117a50155cd5ad05e3b7391a9d203a3e4cc1904cbb5ff9572330ad6
                                                                                                                                • Instruction Fuzzy Hash: 254181B14097808BF3309F15D92979BBBE0BFD5348F009A0CE9D81A2A1D7BA5158CF93
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000080,external/boringssl/src/crypto/evp/evp.c,00000147), ref: 013D306C
                                                                                                                                • ERR_add_error_dataf.ADB(algorithm %d,?), ref: 013D307A
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D305E
                                                                                                                                • algorithm %d, xrefs: 013D3075
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_add_error_datafR_put_error
                                                                                                                                • String ID: algorithm %d$external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 3714506252-1871829391
                                                                                                                                • Opcode ID: b28fff43561ffd71cb22306f0a8d4d57b968ca3e737b4a3c2e9e22bf42d1c3c8
                                                                                                                                • Instruction ID: db0585d51f38f517000063bc61fecf539e035d1029464864f6248ab3b479d231
                                                                                                                                • Opcode Fuzzy Hash: b28fff43561ffd71cb22306f0a8d4d57b968ca3e737b4a3c2e9e22bf42d1c3c8
                                                                                                                                • Instruction Fuzzy Hash: E811C8B3B042119BE7388A1DFC50B2B7765BB80B18F05842DE65B5B790D7B5AD44C743
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 81%
                                                                                                                                			E70985934(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				intOrPtr _t28;
                                                                                                                                				char _t31;
                                                                                                                                				intOrPtr _t32;
                                                                                                                                				void* _t33;
                                                                                                                                				void* _t35;
                                                                                                                                				void* _t50;
                                                                                                                                				void* _t52;
                                                                                                                                
                                                                                                                                				_t40 = __ebx;
                                                                                                                                				_push(0x18);
                                                                                                                                				E70988000(E70992E9F, __ebx, __edi, __esi);
                                                                                                                                				_t50 = __ecx;
                                                                                                                                				 *((intOrPtr*)(_t52 - 0x20)) = 0;
                                                                                                                                				 *((intOrPtr*)(_t52 - 0x1c)) = 0;
                                                                                                                                				 *((intOrPtr*)(_t52 - 0x18)) = 0;
                                                                                                                                				_t28 =  *((intOrPtr*)(_t52 + 8));
                                                                                                                                				 *((intOrPtr*)(_t52 - 4)) = 0;
                                                                                                                                				 *((char*)(_t52 - 4)) = 1;
                                                                                                                                				if(_t28 == 0xfe ||  *((intOrPtr*)(__ecx + 0x44)) == _t28) {
                                                                                                                                					E70984134(L"BulkRead");
                                                                                                                                					 *((char*)(_t52 - 0x14)) =  *((intOrPtr*)(_t50 + 0x45));
                                                                                                                                					_t31 =  *((intOrPtr*)(_t50 + 0x44));
                                                                                                                                					goto L8;
                                                                                                                                				} else {
                                                                                                                                					if(_t28 == 0xfc ||  *((intOrPtr*)(__ecx + 0x46)) == _t28) {
                                                                                                                                						E70984134(L"BulkWrite");
                                                                                                                                						 *((char*)(_t52 - 0x14)) =  *((intOrPtr*)(_t50 + 0x47));
                                                                                                                                						_t31 =  *((intOrPtr*)(_t50 + 0x46));
                                                                                                                                						L8:
                                                                                                                                						 *((char*)(_t52 + 8)) = _t31;
                                                                                                                                						_t32 =  *((intOrPtr*)(_t52 - 0x20));
                                                                                                                                						 *((intOrPtr*)(_t52 - 4)) = 0;
                                                                                                                                						__eflags = _t32;
                                                                                                                                						if(__eflags == 0) {
                                                                                                                                							_t32 = 0x709812f0;
                                                                                                                                						}
                                                                                                                                						_push( *((intOrPtr*)(_t52 + 0x10)));
                                                                                                                                						_push( *((intOrPtr*)(_t52 + 0xc)));
                                                                                                                                						_push( *((intOrPtr*)(_t52 + 8)));
                                                                                                                                						_push( *((intOrPtr*)(_t52 - 0x14)));
                                                                                                                                						_push(_t32);
                                                                                                                                						_t33 = E7098586C(_t40, _t50, 0, _t50, __eflags);
                                                                                                                                						E70983EFC(_t52 - 0x24, 1);
                                                                                                                                						_t35 = _t33;
                                                                                                                                						goto L5;
                                                                                                                                					} else {
                                                                                                                                						SetLastError(0x57);
                                                                                                                                						E70983EFC(_t52 - 0x24, 1);
                                                                                                                                						_t35 = 0;
                                                                                                                                						L5:
                                                                                                                                						return E709880B4(_t35);
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 7098593B
                                                                                                                                • SetLastError.KERNEL32(00000057,00000018), ref: 7098596B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorH_prolog3_catchLast
                                                                                                                                • String ID: BulkRead$BulkWrite
                                                                                                                                • API String ID: 3263087082-3397223474
                                                                                                                                • Opcode ID: 58f5ec182ce6512725fc18ba0463d7a55cddd97ab8dcd13e0f05d96193bffc8d
                                                                                                                                • Instruction ID: a4fb5ec5777c3db30a4823a98482359e2d7f270e61c7143c4091e1ff6bdff84f
                                                                                                                                • Opcode Fuzzy Hash: 58f5ec182ce6512725fc18ba0463d7a55cddd97ab8dcd13e0f05d96193bffc8d
                                                                                                                                • Instruction Fuzzy Hash: 8021D235904388EECF11CFA488416DEFFB85F25200F50408AE592A73D1C6769E49DB63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SHA256_Update.ADB(?,?,?), ref: 013F8873
                                                                                                                                  • Part of subcall function 014103B0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000040,?,?,?,?,013F8778,?,?,?), ref: 01410417
                                                                                                                                • SHA256_Final.ADB(?), ref: 013F887D
                                                                                                                                  • Part of subcall function 01410510: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,0000003F,?,?,?,013F8782,?), ref: 0141053B
                                                                                                                                  • Part of subcall function 01410510: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,00000038,?,?,?,013F8782,?), ref: 01410564
                                                                                                                                • OPENSSL_cleanse.ADB(?,00000070), ref: 013F8888
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A256_memset$FinalL_cleanseUpdatememcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2490142882-3916222277
                                                                                                                                • Opcode ID: 019218ff2b814dff65d9b40c2ca171b11ecf8e96f85f7ad8c5bcfb151e3ffa0c
                                                                                                                                • Instruction ID: 6c9c791960efb02e9a139da5048902090ed7ea3355acc0064c51fa4de1a8784f
                                                                                                                                • Opcode Fuzzy Hash: 019218ff2b814dff65d9b40c2ca171b11ecf8e96f85f7ad8c5bcfb151e3ffa0c
                                                                                                                                • Instruction Fuzzy Hash: 112192B14083809BE3109F15D86975BBBF0BFD5748F105A0CF9941A2A0E7BA95888B92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC621
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC637
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?,?,?,?,013F7B19,?,?), ref: 013F8328
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?), ref: 013F833C
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000349), ref: 013FC653
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC648
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_cmpP_cmp$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2289754691-1759677748
                                                                                                                                • Opcode ID: 9bffdd367fa23af9aa7c55ad7f0d34eeb617f02426afda2784370f58c88b36d1
                                                                                                                                • Instruction ID: 2d0d3d11dc4a61bb10aedf1ef5c0f0d6419d8b98a60d62a1ce6607fbf81be809
                                                                                                                                • Opcode Fuzzy Hash: 9bffdd367fa23af9aa7c55ad7f0d34eeb617f02426afda2784370f58c88b36d1
                                                                                                                                • Instruction Fuzzy Hash: D0F02B71A442013BEA10662CAC41F0B3758AF9171CF080038FA05A6242F251F52485E7
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC1F1
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC207
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?,?,?,?,013F7B19,?,?), ref: 013F8328
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?), ref: 013F833C
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000301), ref: 013FC223
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC218
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_cmpP_cmp$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2289754691-1759677748
                                                                                                                                • Opcode ID: ff9d576edacd7b57fe3b02a9f87c41372f81f9d29562a8ff6fc2e5776f7c1960
                                                                                                                                • Instruction ID: d9ad150caeb8e8a8b1dd82d16d42fa4aa73a7ee80d292f4250fa3e650a605b35
                                                                                                                                • Opcode Fuzzy Hash: ff9d576edacd7b57fe3b02a9f87c41372f81f9d29562a8ff6fc2e5776f7c1960
                                                                                                                                • Instruction Fuzzy Hash: 9FF0E2AAA8121637ED1066ADAC82F0F375CEFA576CF04013CFE0566282F651E52985B7
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F74AD
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013F74BE
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 013F74E9
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 013F74DE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 1427993062-820803757
                                                                                                                                • Opcode ID: 56067a537985408db80c4d2230fc64cd04989c893fef8b9b623f7c3516159269
                                                                                                                                • Instruction ID: 7800e09ef4174255dfd639766ea80bc7786f5687cee85e270f2c2271b09147b5
                                                                                                                                • Opcode Fuzzy Hash: 56067a537985408db80c4d2230fc64cd04989c893fef8b9b623f7c3516159269
                                                                                                                                • Instruction Fuzzy Hash: 18F0C2F16003119BFB109F15EC85B53BEA4EF90704F48C06AEA099F292D7B1D855CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D2CC3
                                                                                                                                • algorithm %d, xrefs: 013D2CDA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: algorithm %d$external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 0-1871829391
                                                                                                                                • Opcode ID: 0d1724b5fca2ac312a04ae33d24fdf92278a1ed11b6cd6df032973a2aa2a10a2
                                                                                                                                • Instruction ID: 4fd3e5c8c8652b1f5cfd2a26c498998d0d2ea1bfe659ec59a7a64ff09557fd21
                                                                                                                                • Opcode Fuzzy Hash: 0d1724b5fca2ac312a04ae33d24fdf92278a1ed11b6cd6df032973a2aa2a10a2
                                                                                                                                • Instruction Fuzzy Hash: 0BF09072B817215BDA35CA9DEC01B5F7795AB94F10F06842EF94AA7294C270E8408691
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?,?,?,0140A1E5,?,-00000007,?,?), ref: 0140C497
                                                                                                                                • BN_num_bits.ADB(00000000,0140A1E5,?,-00000007,?,?), ref: 0140C4B9
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000007E,external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c,00000068,?,0140A1E5,?,-00000007,?,?), ref: 0140C4E8
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_num_bits$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa_impl.c
                                                                                                                                • API String ID: 3576805129-4076573493
                                                                                                                                • Opcode ID: c4b67fe9d119da2f4566bda41f1035d66f293837a3bf4d414596ba3b7e0c72e6
                                                                                                                                • Instruction ID: a44159d6a7547e4c1d98861a2cb4cb875410029e61a61f5993d4558a80cabc54
                                                                                                                                • Opcode Fuzzy Hash: c4b67fe9d119da2f4566bda41f1035d66f293837a3bf4d414596ba3b7e0c72e6
                                                                                                                                • Instruction Fuzzy Hash: 75F0A071BD0351BAF931305AAC87F266505B710B14F0A81B7F70AB96E3D8F2EC918146
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F7432
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F7443
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 013F746E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 013F7463
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 1427993062-820803757
                                                                                                                                • Opcode ID: 7d414eab21122605cdea2b726a199f2d263dc4ffd4b091e8c9c1d099cebef0e3
                                                                                                                                • Instruction ID: ffc1deca9dc67d11eeffc26af8a703572422842e84930da8d039ae441b49cd46
                                                                                                                                • Opcode Fuzzy Hash: 7d414eab21122605cdea2b726a199f2d263dc4ffd4b091e8c9c1d099cebef0e3
                                                                                                                                • Instruction Fuzzy Hash: 81F02EF1640311A7FB106F15AC41F577FA8EF90704F448039F605AE1D2E771D855C6A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FBB6E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002E5), ref: 013FBB8A
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,000000CC), ref: 013FBBA1
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FBB7F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmpR_put_errormemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 3821009922-1759677748
                                                                                                                                • Opcode ID: cad255bfb23c4042e2787cdfbaadf15675753bbdfb647d23f9e5c24d700b3af7
                                                                                                                                • Instruction ID: 5f02cc1b33d8939cfb11eee82745fc979387b31c862a242bf8daaa0245e1bc19
                                                                                                                                • Opcode Fuzzy Hash: cad255bfb23c4042e2787cdfbaadf15675753bbdfb647d23f9e5c24d700b3af7
                                                                                                                                • Instruction Fuzzy Hash: DCE086B2F9432137FE703628FC07F4A36446F60B18F050475FE0D7A1C9E5D2A855459A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 74%
                                                                                                                                			E7098730A(void* __ebx, void* __edi, void* __esi, void* __eflags, signed int _a8) {
                                                                                                                                				signed int _v4;
                                                                                                                                				char _v13;
                                                                                                                                				char _v32;
                                                                                                                                				char _v60;
                                                                                                                                				signed int _t29;
                                                                                                                                				void* _t30;
                                                                                                                                				intOrPtr _t32;
                                                                                                                                				char* _t38;
                                                                                                                                				intOrPtr _t43;
                                                                                                                                				signed int _t45;
                                                                                                                                				char* _t48;
                                                                                                                                
                                                                                                                                				_t36 = __ebx;
                                                                                                                                				_push(0x30);
                                                                                                                                				E70987FC8(E70992F6F, __ebx, __edi, __esi);
                                                                                                                                				_push( &_v13);
                                                                                                                                				E70986E69( &_v32, "string too long");
                                                                                                                                				_v4 = _v4 & 0x00000000;
                                                                                                                                				_t38 =  &_v60;
                                                                                                                                				E70987268(_t38,  &_v32);
                                                                                                                                				E70988C6D( &_v60, 0x7099376c);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				_push(__esi);
                                                                                                                                				_push(__edi);
                                                                                                                                				_t45 = _v4;
                                                                                                                                				_t48 = _t38;
                                                                                                                                				_t55 = _t45 - 0xfffffffd;
                                                                                                                                				if(_t45 > 0xfffffffd) {
                                                                                                                                					E7098730A(__ebx, _t45, _t48, _t55);
                                                                                                                                				}
                                                                                                                                				_t29 =  *(_t48 + 4);
                                                                                                                                				if(_t29 == 0) {
                                                                                                                                					L9:
                                                                                                                                					__eflags = _t45;
                                                                                                                                					if(_t45 != 0) {
                                                                                                                                						__eflags = _a8;
                                                                                                                                						if(_a8 == 0) {
                                                                                                                                							__eflags =  *((intOrPtr*)(_t48 + 0xc)) - _t45;
                                                                                                                                							if(__eflags >= 0) {
                                                                                                                                								goto L20;
                                                                                                                                							}
                                                                                                                                							goto L19;
                                                                                                                                						}
                                                                                                                                						_t32 =  *((intOrPtr*)(_t48 + 0xc));
                                                                                                                                						__eflags = _t32 - 0x1f;
                                                                                                                                						if(_t32 > 0x1f) {
                                                                                                                                							L17:
                                                                                                                                							E70986E27(_t48, 1);
                                                                                                                                							goto L19;
                                                                                                                                						}
                                                                                                                                						__eflags = _t32 - _t45;
                                                                                                                                						if(_t32 >= _t45) {
                                                                                                                                							goto L20;
                                                                                                                                						}
                                                                                                                                						goto L17;
                                                                                                                                					}
                                                                                                                                					__eflags = _a8;
                                                                                                                                					if(_a8 == 0) {
                                                                                                                                						__eflags = _t29;
                                                                                                                                						if(_t29 != 0) {
                                                                                                                                							 *((intOrPtr*)(_t48 + 8)) = 0;
                                                                                                                                							 *_t29 = 0;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						E70986E27(_t48, 1);
                                                                                                                                					}
                                                                                                                                					goto L8;
                                                                                                                                				} else {
                                                                                                                                					_t43 =  *((intOrPtr*)(_t29 - 1));
                                                                                                                                					if(_t43 == 0 || _t43 == 0xff) {
                                                                                                                                						goto L9;
                                                                                                                                					} else {
                                                                                                                                						if(_t45 != 0) {
                                                                                                                                							L19:
                                                                                                                                							_push(_t45);
                                                                                                                                							E70986EB1(_t36, _t48, _t45, _t48, __eflags);
                                                                                                                                							L20:
                                                                                                                                							_t30 = 1;
                                                                                                                                							L21:
                                                                                                                                							return _t30;
                                                                                                                                						}
                                                                                                                                						 *((char*)(_t29 - 1)) =  *((char*)(_t29 - 1)) - 1;
                                                                                                                                						 *(_t48 + 4) = 0;
                                                                                                                                						 *((intOrPtr*)(_t48 + 8)) = 0;
                                                                                                                                						 *((intOrPtr*)(_t48 + 0xc)) = 0;
                                                                                                                                						L8:
                                                                                                                                						_t30 = 0;
                                                                                                                                						goto L21;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}














                                                                                                                                0x7098735a
                                                                                                                                0x7098735c
                                                                                                                                0x7098735c
                                                                                                                                0x70987361
                                                                                                                                0x70987368
                                                                                                                                0x7098738a
                                                                                                                                0x7098738a
                                                                                                                                0x7098738c
                                                                                                                                0x709873a9
                                                                                                                                0x709873ac
                                                                                                                                0x709873c5
                                                                                                                                0x709873c8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x709873c8
                                                                                                                                0x709873ae
                                                                                                                                0x709873b1
                                                                                                                                0x709873b4
                                                                                                                                0x709873ba
                                                                                                                                0x709873be
                                                                                                                                0x00000000
                                                                                                                                0x709873be
                                                                                                                                0x709873b6
                                                                                                                                0x709873b8
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x709873b8
                                                                                                                                0x7098738e
                                                                                                                                0x70987391
                                                                                                                                0x7098739e
                                                                                                                                0x709873a0
                                                                                                                                0x709873a2
                                                                                                                                0x709873a5
                                                                                                                                0x709873a5
                                                                                                                                0x70987393
                                                                                                                                0x70987397
                                                                                                                                0x70987397
                                                                                                                                0x00000000
                                                                                                                                0x7098736a
                                                                                                                                0x7098736a
                                                                                                                                0x7098736f
                                                                                                                                0x00000000
                                                                                                                                0x70987376
                                                                                                                                0x70987378
                                                                                                                                0x709873ca
                                                                                                                                0x709873ca
                                                                                                                                0x709873cd
                                                                                                                                0x709873d2
                                                                                                                                0x709873d2
                                                                                                                                0x709873d4
                                                                                                                                0x709873d7
                                                                                                                                0x709873d7
                                                                                                                                0x7098737a
                                                                                                                                0x7098737d
                                                                                                                                0x70987380
                                                                                                                                0x70987383
                                                                                                                                0x70987386
                                                                                                                                0x70987386
                                                                                                                                0x00000000
                                                                                                                                0x70987386
                                                                                                                                0x7098736f

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3.LIBCMT ref: 70987311
                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 70987332
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 70987340
                                                                                                                                  • Part of subcall function 70988C6D: RaiseException.KERNEL32(?,?,70986E02,?,?,?,?,?,70986E02,?,709935E4,70997204), ref: 70988CAF
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exception
                                                                                                                                • String ID: string too long
                                                                                                                                • API String ID: 3715482749-2556327735
                                                                                                                                • Opcode ID: c372b8a5816dbcc7d3b89f5e329dca6f20ae58e604220d97aee7f371f68d6139
                                                                                                                                • Instruction ID: deba20992d4c3fa916b0a0431f9fe5bd9447184bd7d77f1b1f7d0ed041be279c
                                                                                                                                • Opcode Fuzzy Hash: c372b8a5816dbcc7d3b89f5e329dca6f20ae58e604220d97aee7f371f68d6139
                                                                                                                                • Instruction Fuzzy Hash: F8E0ECB1D2011CAEDB04DAD0DC91FDEB37CAF54208F504126B251E62D0DF64E608C762
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 72%
                                                                                                                                			E7098AE5B(void* __edi, void* __esi, intOrPtr* _a4) {
                                                                                                                                				signed int _v8;
                                                                                                                                				void* __ebp;
                                                                                                                                				intOrPtr* _t12;
                                                                                                                                				intOrPtr* _t16;
                                                                                                                                				void* _t20;
                                                                                                                                				void* _t21;
                                                                                                                                				void* _t22;
                                                                                                                                
                                                                                                                                				_t24 = __esi;
                                                                                                                                				_t23 = __edi;
                                                                                                                                				_t29 =  *((intOrPtr*)( *_a4)) - 0xe0434f4d;
                                                                                                                                				if( *((intOrPtr*)( *_a4)) == 0xe0434f4d) {
                                                                                                                                					_t12 = E70989F98(_t20, __eflags) + 0x90;
                                                                                                                                					__eflags =  *_t12;
                                                                                                                                					if( *_t12 > 0) {
                                                                                                                                						 *_t12 =  *_t12 - 1;
                                                                                                                                						__eflags =  *_t12;
                                                                                                                                					}
                                                                                                                                					goto L9;
                                                                                                                                				} else {
                                                                                                                                					__eflags = __eax - 0xe06d7363;
                                                                                                                                					if(__eflags != 0) {
                                                                                                                                						L9:
                                                                                                                                						__eflags = 0;
                                                                                                                                						return 0;
                                                                                                                                					} else {
                                                                                                                                						 *(E70989F98(__ebx, __eflags) + 0x90) =  *(__eax + 0x90) & 0x00000000;
                                                                                                                                						_push(8);
                                                                                                                                						_push(0x709939a0);
                                                                                                                                						E70988D28(_t20, __edi, __esi);
                                                                                                                                						_t16 =  *((intOrPtr*)(E70989F98(_t20, _t29) + 0x78));
                                                                                                                                						if(_t16 != 0) {
                                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                                							 *_t16();
                                                                                                                                							_v8 = 0xfffffffe;
                                                                                                                                						}
                                                                                                                                						return E70988D6D(E7098F063(_t20, _t21, _t22, _t23, _t24));
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                • __getptd.LIBCMT ref: 7098AE75
                                                                                                                                  • Part of subcall function 70989F98: __amsg_exit.LIBCMT ref: 70989FA8
                                                                                                                                • __getptd.LIBCMT ref: 7098AE86
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __getptd$__amsg_exit
                                                                                                                                • String ID: MOC$csm
                                                                                                                                • API String ID: 1969926928-1389381023
                                                                                                                                • Opcode ID: a87e2cbd4cd9af99e5902a2804c080d1e3c61d82fca61cab208d169580daf330
                                                                                                                                • Instruction ID: 03e8c2f43a0ff63950e81605c45bb21249e27934dfd61655e8a1cf18425d82cf
                                                                                                                                • Opcode Fuzzy Hash: a87e2cbd4cd9af99e5902a2804c080d1e3c61d82fca61cab208d169580daf330
                                                                                                                                • Instruction Fuzzy Hash: 55E0EC355102048FE7119B69C48175C37A9EB49315F1A4491E509CB3E2D739FC919663
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 71%
                                                                                                                                			E70436F48(void* __edi, void* __esi, intOrPtr* _a4) {
                                                                                                                                				signed int _v8;
                                                                                                                                				intOrPtr _t10;
                                                                                                                                				intOrPtr* _t12;
                                                                                                                                				intOrPtr* _t17;
                                                                                                                                				void* _t21;
                                                                                                                                				void* _t22;
                                                                                                                                				void* _t23;
                                                                                                                                
                                                                                                                                				_t24 = __edi;
                                                                                                                                				_t10 =  *((intOrPtr*)( *_a4));
                                                                                                                                				if(_t10 == 0xe0434f4d) {
                                                                                                                                					_t12 = E7043612E(_t21, __eflags) + 0x90;
                                                                                                                                					__eflags =  *_t12;
                                                                                                                                					if( *_t12 > 0) {
                                                                                                                                						 *_t12 =  *_t12 - 1;
                                                                                                                                						__eflags =  *_t12;
                                                                                                                                					}
                                                                                                                                					goto L5;
                                                                                                                                				} else {
                                                                                                                                					_t31 = _t10 - 0xe06d7363;
                                                                                                                                					if(_t10 != 0xe06d7363) {
                                                                                                                                						L5:
                                                                                                                                						__eflags = 0;
                                                                                                                                						return 0;
                                                                                                                                					} else {
                                                                                                                                						 *(E7043612E(_t21, _t31) + 0x90) =  *(_t14 + 0x90) & 0x00000000;
                                                                                                                                						_push(8);
                                                                                                                                						_push(0x7043c8f0);
                                                                                                                                						E70434970(_t21, __edi, __esi);
                                                                                                                                						_t17 =  *((intOrPtr*)(E7043612E(_t21, _t31) + 0x78));
                                                                                                                                						if(_t17 != 0) {
                                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                                							 *_t17();
                                                                                                                                							_v8 = 0xfffffffe;
                                                                                                                                						}
                                                                                                                                						return E704349B5(E7043A70A(_t21, _t22, _t23, _t24));
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                • __getptd.LIBCMT ref: 70436F62
                                                                                                                                  • Part of subcall function 7043612E: __amsg_exit.LIBCMT ref: 7043613E
                                                                                                                                • __getptd.LIBCMT ref: 70436F73
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __getptd$__amsg_exit
                                                                                                                                • String ID: MOC$csm
                                                                                                                                • API String ID: 1969926928-1389381023
                                                                                                                                • Opcode ID: e5c25595de00b84bbd8fb305eda73dd10927a687a982421afb9b2bfe7594852d
                                                                                                                                • Instruction ID: 834eeaafbeee1afffc434d26ba51a94fdea025c42e7e8c9f59fe2dcd96da4f99
                                                                                                                                • Opcode Fuzzy Hash: e5c25595de00b84bbd8fb305eda73dd10927a687a982421afb9b2bfe7594852d
                                                                                                                                • Instruction Fuzzy Hash: 39E08C36200205AFD7108B64D04170CB7B8FB4D318F93A0D5E40DEB322D73CECA09A52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EEC6B
                                                                                                                                • BN_mod_exp_mont_consttime.ADB(00000000,?,?,00000000,?,?), ref: 013EEC95
                                                                                                                                • BN_mod_mul_montgomery.ADB(00000000,00000000,?,?,?), ref: 013EECAA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_mod_exp_mont_consttimeN_mod_mul_montgomeryX_get
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 409904092-0
                                                                                                                                • Opcode ID: 32ae19043af578574b3aedb0ddc935be143030cdb4f3a39b1a849fc2f596731b
                                                                                                                                • Instruction ID: af54292b65ce480f8a89776018fffdbf3a80d2b78e970ec1884a8444a6ddf415
                                                                                                                                • Opcode Fuzzy Hash: 32ae19043af578574b3aedb0ddc935be143030cdb4f3a39b1a849fc2f596731b
                                                                                                                                • Instruction Fuzzy Hash: 0A518C746093169FDB04CE19C58492BFBE5EFC8258F05C52DE8898B382D771EC41CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 82%
                                                                                                                                			E709920BC(void* __ebx, signed int __edx, void* __edi, signed int _a4, signed int _a8) {
                                                                                                                                				signed int _v8;
                                                                                                                                				void* __ecx;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t51;
                                                                                                                                				signed int _t54;
                                                                                                                                				signed int _t58;
                                                                                                                                				signed int* _t59;
                                                                                                                                				void* _t60;
                                                                                                                                				signed int _t62;
                                                                                                                                				signed int _t68;
                                                                                                                                				signed int _t71;
                                                                                                                                				signed int _t76;
                                                                                                                                				void* _t78;
                                                                                                                                				signed int _t84;
                                                                                                                                				signed int _t85;
                                                                                                                                				void* _t87;
                                                                                                                                				signed int _t88;
                                                                                                                                				void* _t91;
                                                                                                                                				signed int** _t92;
                                                                                                                                
                                                                                                                                				_t87 = __edi;
                                                                                                                                				_t85 = __edx;
                                                                                                                                				_push(_t78);
                                                                                                                                				_t92 = _a8;
                                                                                                                                				_a8 = E70990FE7(__ebx, _t78, __edx, __edi, _t92);
                                                                                                                                				_t51 = _t92[3];
                                                                                                                                				_t79 = _t91;
                                                                                                                                				_t98 = _t51 & 0x00000082;
                                                                                                                                				if((_t51 & 0x00000082) != 0) {
                                                                                                                                					__eflags = _t51 & 0x00000040;
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						_push(__ebx);
                                                                                                                                						__eflags = _t51 & 0x00000001;
                                                                                                                                						if((_t51 & 0x00000001) == 0) {
                                                                                                                                							L8:
                                                                                                                                							_t54 = _t92[3] & 0xffffffef | 0x00000002;
                                                                                                                                							_t92[3] = _t54;
                                                                                                                                							_t92[1] = 0;
                                                                                                                                							_v8 = 0;
                                                                                                                                							__eflags = _t54 & 0x0000010c;
                                                                                                                                							if((_t54 & 0x0000010c) == 0) {
                                                                                                                                								__eflags = _t92 - 0x70996d70;
                                                                                                                                								if(_t92 == 0x70996d70) {
                                                                                                                                									L11:
                                                                                                                                									_t68 = E70990DD5(0, _t79, _t85, _t87, _a8);
                                                                                                                                									_pop(_t79);
                                                                                                                                									__eflags = _t68;
                                                                                                                                									if(__eflags == 0) {
                                                                                                                                										goto L12;
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									__eflags = _t92 - 0x70996d90;
                                                                                                                                									if(__eflags != 0) {
                                                                                                                                										L12:
                                                                                                                                										E70990D81(_t79, __eflags, _t92);
                                                                                                                                										_pop(_t79);
                                                                                                                                									} else {
                                                                                                                                										goto L11;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                							__eflags = _t92[3] & 0x00000108;
                                                                                                                                							_push(_t87);
                                                                                                                                							if(__eflags == 0) {
                                                                                                                                								_t76 = _a4;
                                                                                                                                								_t88 = 2;
                                                                                                                                								_push(_t88);
                                                                                                                                								_push( &_v8);
                                                                                                                                								_push(_a8);
                                                                                                                                								_v8 = _t76;
                                                                                                                                								_v8 = E70990CA0(_t76, _t79, _t85, _t88, _t92, __eflags);
                                                                                                                                								goto L25;
                                                                                                                                							} else {
                                                                                                                                								_t59 = _t92[2];
                                                                                                                                								 *_t92 =  &(_t59[0]);
                                                                                                                                								_t88 =  *_t92 - _t59;
                                                                                                                                								_t83 = _t92[6];
                                                                                                                                								__eflags = _t88;
                                                                                                                                								_t92[1] = _t92[6];
                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                									_t84 = _a8;
                                                                                                                                									__eflags = _t84 - 0xffffffff;
                                                                                                                                									if(_t84 == 0xffffffff) {
                                                                                                                                										L20:
                                                                                                                                										_t60 = 0x70996174;
                                                                                                                                									} else {
                                                                                                                                										__eflags = _t84 - 0xfffffffe;
                                                                                                                                										if(_t84 == 0xfffffffe) {
                                                                                                                                											goto L20;
                                                                                                                                										} else {
                                                                                                                                											_t85 = _t84 >> 5;
                                                                                                                                											_t60 = (_t84 & 0x0000001f) * 0x24 +  *((intOrPtr*)(0x70998d40 + _t85 * 4));
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                									__eflags =  *(_t60 + 4) & 0x00000020;
                                                                                                                                									if(__eflags == 0) {
                                                                                                                                										goto L23;
                                                                                                                                									} else {
                                                                                                                                										_push(2);
                                                                                                                                										_push(0);
                                                                                                                                										_push(0);
                                                                                                                                										_push(_t84);
                                                                                                                                										_t62 = E709904A1(0, _t84, _t88, _t92, __eflags);
                                                                                                                                										__eflags = (_t62 & _t85) - 0xffffffff;
                                                                                                                                										if((_t62 & _t85) == 0xffffffff) {
                                                                                                                                											goto L26;
                                                                                                                                										} else {
                                                                                                                                											goto L23;
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								} else {
                                                                                                                                									_push(_t88);
                                                                                                                                									_push(_t59);
                                                                                                                                									_push(_a8);
                                                                                                                                									_v8 = E70990CA0(0, _t83, _t85, _t88, _t92, __eflags);
                                                                                                                                									L23:
                                                                                                                                									_t76 = _a4;
                                                                                                                                									 *(_t92[2]) = _t76;
                                                                                                                                									L25:
                                                                                                                                									__eflags = _v8 - _t88;
                                                                                                                                									if(_v8 == _t88) {
                                                                                                                                										_t58 = _t76 & 0x0000ffff;
                                                                                                                                										__eflags = _t58;
                                                                                                                                									} else {
                                                                                                                                										L26:
                                                                                                                                										_t92[3] = _t92[3] | 0x00000020;
                                                                                                                                										_t58 = 0xffff;
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						} else {
                                                                                                                                							_t92[1] = 0;
                                                                                                                                							__eflags = _t51 & 0x00000010;
                                                                                                                                							if((_t51 & 0x00000010) == 0) {
                                                                                                                                								_t92[3] = _t51 | 0x00000020;
                                                                                                                                								_t58 = 0xffff;
                                                                                                                                							} else {
                                                                                                                                								_t79 = _t92[2];
                                                                                                                                								_t71 = _t51 & 0xfffffffe;
                                                                                                                                								__eflags = _t71;
                                                                                                                                								 *_t92 = _t92[2];
                                                                                                                                								_t92[3] = _t71;
                                                                                                                                								goto L8;
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						 *((intOrPtr*)(E7098CA4D(__eflags))) = 0x22;
                                                                                                                                						goto L2;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					 *((intOrPtr*)(E7098CA4D(_t98))) = 9;
                                                                                                                                					L2:
                                                                                                                                					_t92[3] = _t92[3] | 0x00000020;
                                                                                                                                					_t58 = 0xffff;
                                                                                                                                				}
                                                                                                                                				return _t58;
                                                                                                                                			}
























                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __locking$__fileno__lseeki64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3501863086-0
                                                                                                                                • Opcode ID: 704d36142926be30087c654916430a8d1d47d82b68d7d8c0dc5dbb700e5c29a7
                                                                                                                                • Instruction ID: 1bac9f9b4a130b069f5ce2ae54dd64175c00a19340f9ddc8ceeb8b1c4eea5925
                                                                                                                                • Opcode Fuzzy Hash: 704d36142926be30087c654916430a8d1d47d82b68d7d8c0dc5dbb700e5c29a7
                                                                                                                                • Instruction Fuzzy Hash: 0341E3715247019FD7348F58D841A9E77B8EFC5324B21C62DE9B68B6D0D734E9408B0A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 85%
                                                                                                                                			E7098CAA5(void* __ebx, void* __ecx, signed int __edx, void* __edi, signed int _a4, signed int _a8) {
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				signed int _t47;
                                                                                                                                				signed int _t50;
                                                                                                                                				signed int _t52;
                                                                                                                                				signed int _t54;
                                                                                                                                				intOrPtr _t55;
                                                                                                                                				signed int _t56;
                                                                                                                                				void* _t57;
                                                                                                                                				signed int _t62;
                                                                                                                                				signed int _t64;
                                                                                                                                				signed int _t65;
                                                                                                                                				signed int _t66;
                                                                                                                                				signed int _t69;
                                                                                                                                				signed int _t78;
                                                                                                                                				void* _t79;
                                                                                                                                				signed int _t81;
                                                                                                                                				intOrPtr* _t84;
                                                                                                                                
                                                                                                                                				_t79 = __edi;
                                                                                                                                				_t78 = __edx;
                                                                                                                                				_t84 = _a8;
                                                                                                                                				_a8 = E70990FE7(__ebx, __ecx, __edx, __edi, _t84);
                                                                                                                                				_t3 = _t84 + 0xc; // 0x7cf05d3b
                                                                                                                                				_t47 =  *_t3;
                                                                                                                                				_pop(_t72);
                                                                                                                                				_t89 = _t47 & 0x00000082;
                                                                                                                                				if((_t47 & 0x00000082) != 0) {
                                                                                                                                					__eflags = _t47 & 0x00000040;
                                                                                                                                					if(__eflags == 0) {
                                                                                                                                						_push(__ebx);
                                                                                                                                						_t69 = 0;
                                                                                                                                						__eflags = _t47 & 0x00000001;
                                                                                                                                						if((_t47 & 0x00000001) == 0) {
                                                                                                                                							L8:
                                                                                                                                							_t17 = _t84 + 0xc; // 0x7cf05d3b
                                                                                                                                							_t50 =  *_t17 & 0xffffffef | 0x00000002;
                                                                                                                                							 *(_t84 + 0xc) = _t50;
                                                                                                                                							 *(_t84 + 4) = _t69;
                                                                                                                                							__eflags = _t50 & 0x0000010c;
                                                                                                                                							if((_t50 & 0x0000010c) != 0) {
                                                                                                                                								L13:
                                                                                                                                								__eflags =  *(_t84 + 0xc) & 0x00000108;
                                                                                                                                								_push(_t79);
                                                                                                                                								if(( *(_t84 + 0xc) & 0x00000108) == 0) {
                                                                                                                                									_t81 = 1;
                                                                                                                                									__eflags = 1;
                                                                                                                                									_push(1);
                                                                                                                                									_push( &_a4);
                                                                                                                                									_push(_a8);
                                                                                                                                									_t52 = E70990CA0(_t69, _t72, _t78, 1, _t84, 1);
                                                                                                                                									_t69 = _t52;
                                                                                                                                									L25:
                                                                                                                                									__eflags = _t69 - _t81;
                                                                                                                                									if(_t69 == _t81) {
                                                                                                                                										_t54 = _a4 & 0x000000ff;
                                                                                                                                										__eflags = _t54;
                                                                                                                                										L28:
                                                                                                                                										L29:
                                                                                                                                										return _t54;
                                                                                                                                									}
                                                                                                                                									L26:
                                                                                                                                									 *(_t84 + 0xc) =  *(_t84 + 0xc) | 0x00000020;
                                                                                                                                									_t54 = _t52 | 0xffffffff;
                                                                                                                                									goto L28;
                                                                                                                                								}
                                                                                                                                								_t26 = _t84 + 8; // 0x43ffffff
                                                                                                                                								_t55 =  *_t26;
                                                                                                                                								_t27 = _t55 + 1; // 0x44000000
                                                                                                                                								 *_t84 = _t27;
                                                                                                                                								_t28 = _t84 + 0x18; // 0x78fe0446
                                                                                                                                								_t81 =  *_t84 - _t55;
                                                                                                                                								_t75 =  *_t28 - 1;
                                                                                                                                								__eflags = _t81 - _t69;
                                                                                                                                								 *(_t84 + 4) =  *_t28 - 1;
                                                                                                                                								if(__eflags <= 0) {
                                                                                                                                									_t56 = _a8;
                                                                                                                                									__eflags = _t56 - 0xffffffff;
                                                                                                                                									if(_t56 == 0xffffffff) {
                                                                                                                                										L20:
                                                                                                                                										_t57 = 0x70996174;
                                                                                                                                										L21:
                                                                                                                                										__eflags =  *(_t57 + 4) & 0x00000020;
                                                                                                                                										if(__eflags == 0) {
                                                                                                                                											L23:
                                                                                                                                											_t39 = _t84 + 8; // 0x43ffffff
                                                                                                                                											_t52 =  *_t39;
                                                                                                                                											 *_t52 = _a4;
                                                                                                                                											goto L25;
                                                                                                                                										}
                                                                                                                                										_push(2);
                                                                                                                                										_push(_t69);
                                                                                                                                										_push(_t69);
                                                                                                                                										_push(_a8);
                                                                                                                                										_t52 = E709904A1(_t69, _t75, _t81, _t84, __eflags) & _t78;
                                                                                                                                										__eflags = _t52 - 0xffffffff;
                                                                                                                                										if(_t52 == 0xffffffff) {
                                                                                                                                											goto L26;
                                                                                                                                										}
                                                                                                                                										goto L23;
                                                                                                                                									}
                                                                                                                                									__eflags = _t56 - 0xfffffffe;
                                                                                                                                									if(_t56 == 0xfffffffe) {
                                                                                                                                										goto L20;
                                                                                                                                									}
                                                                                                                                									_t75 = _t56 >> 5;
                                                                                                                                									_t57 = (_t56 & 0x0000001f) * 0x24 +  *((intOrPtr*)(0x70998d40 + (_t56 >> 5) * 4));
                                                                                                                                									goto L21;
                                                                                                                                								}
                                                                                                                                								_push(_t81);
                                                                                                                                								_push(_t55);
                                                                                                                                								_push(_a8);
                                                                                                                                								_t69 = E70990CA0(_t69, _t75, _t78, _t81, _t84, __eflags);
                                                                                                                                								goto L23;
                                                                                                                                							}
                                                                                                                                							__eflags = _t84 - 0x70996d70;
                                                                                                                                							if(_t84 == 0x70996d70) {
                                                                                                                                								L11:
                                                                                                                                								_t62 = E70990DD5(_t69, _t72, _t78, _t79, _a8);
                                                                                                                                								_pop(_t72);
                                                                                                                                								__eflags = _t62;
                                                                                                                                								if(__eflags != 0) {
                                                                                                                                									goto L13;
                                                                                                                                								}
                                                                                                                                								L12:
                                                                                                                                								E70990D81(_t72, __eflags, _t84);
                                                                                                                                								_pop(_t72);
                                                                                                                                								goto L13;
                                                                                                                                							}
                                                                                                                                							__eflags = _t84 - 0x70996d90;
                                                                                                                                							if(__eflags != 0) {
                                                                                                                                								goto L12;
                                                                                                                                							}
                                                                                                                                							goto L11;
                                                                                                                                						}
                                                                                                                                						 *(_t84 + 4) = 0;
                                                                                                                                						__eflags = _t47 & 0x00000010;
                                                                                                                                						if((_t47 & 0x00000010) == 0) {
                                                                                                                                							_t64 = _t47 | 0x00000020;
                                                                                                                                							 *(_t84 + 0xc) = _t64;
                                                                                                                                							_t54 = _t64 | 0xffffffff;
                                                                                                                                							goto L29;
                                                                                                                                						}
                                                                                                                                						_t15 = _t84 + 8; // 0x43ffffff
                                                                                                                                						_t72 =  *_t15;
                                                                                                                                						_t65 = _t47 & 0xfffffffe;
                                                                                                                                						__eflags = _t65;
                                                                                                                                						 *_t84 =  *_t15;
                                                                                                                                						 *(_t84 + 0xc) = _t65;
                                                                                                                                						goto L8;
                                                                                                                                					}
                                                                                                                                					_t66 = E7098CA4D(__eflags);
                                                                                                                                					 *_t66 = 0x22;
                                                                                                                                					L2:
                                                                                                                                					 *(_t84 + 0xc) =  *(_t84 + 0xc) | 0x00000020;
                                                                                                                                					return _t66 | 0xffffffff;
                                                                                                                                				}
                                                                                                                                				_t66 = E7098CA4D(_t89);
                                                                                                                                				 *_t66 = 9;
                                                                                                                                				goto L2;
                                                                                                                                			}





















                                                                                                                                0x7098cbbf
                                                                                                                                0x7098cba3
                                                                                                                                0x7098cba5
                                                                                                                                0x7098cba6
                                                                                                                                0x7098cba7
                                                                                                                                0x7098cbaf
                                                                                                                                0x7098cbb4
                                                                                                                                0x7098cbb7
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098cbb7
                                                                                                                                0x7098cb7f
                                                                                                                                0x7098cb82
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098cb8c
                                                                                                                                0x7098cb8f
                                                                                                                                0x00000000
                                                                                                                                0x7098cb8f
                                                                                                                                0x7098cb5b
                                                                                                                                0x7098cb5c
                                                                                                                                0x7098cb5d
                                                                                                                                0x7098cb68
                                                                                                                                0x00000000
                                                                                                                                0x7098cb68
                                                                                                                                0x7098cb16
                                                                                                                                0x7098cb1c
                                                                                                                                0x7098cb26
                                                                                                                                0x7098cb29
                                                                                                                                0x7098cb2e
                                                                                                                                0x7098cb2f
                                                                                                                                0x7098cb31
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098cb33
                                                                                                                                0x7098cb34
                                                                                                                                0x7098cb39
                                                                                                                                0x00000000
                                                                                                                                0x7098cb39
                                                                                                                                0x7098cb1e
                                                                                                                                0x7098cb24
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x00000000
                                                                                                                                0x7098cb24
                                                                                                                                0x7098caee
                                                                                                                                0x7098caf1
                                                                                                                                0x7098caf3
                                                                                                                                0x7098cb6c
                                                                                                                                0x7098cb6f
                                                                                                                                0x7098cb72
                                                                                                                                0x00000000
                                                                                                                                0x7098cb72
                                                                                                                                0x7098caf5
                                                                                                                                0x7098caf5
                                                                                                                                0x7098caf8
                                                                                                                                0x7098caf8
                                                                                                                                0x7098cafb
                                                                                                                                0x7098cafd
                                                                                                                                0x00000000
                                                                                                                                0x7098cafd
                                                                                                                                0x7098cada
                                                                                                                                0x7098cadf
                                                                                                                                0x7098caca
                                                                                                                                0x7098caca
                                                                                                                                0x00000000
                                                                                                                                0x7098cace
                                                                                                                                0x7098cabf
                                                                                                                                0x7098cac4
                                                                                                                                0x00000000

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __locking$__fileno__lseeki64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3501863086-0
                                                                                                                                • Opcode ID: 06b0d2183bfe4848518383c62dd89e9375c7b349796775de9876b7e1456a9f0a
                                                                                                                                • Instruction ID: 41dd92532d156ce1707f850143c02318a69df4ad3d83448496a10dd0b7ac266c
                                                                                                                                • Opcode Fuzzy Hash: 06b0d2183bfe4848518383c62dd89e9375c7b349796775de9876b7e1456a9f0a
                                                                                                                                • Instruction Fuzzy Hash: D541A3B1510B059ED7218F68C842A5E77ACAF85334B20C62DE4BBCB7E0D734E840CB56
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_divN_dup
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1624833734-0
                                                                                                                                • Opcode ID: 9e514afb6b3085bf3dfc408ad64e07a4934fd262a4d1a45fb77894b056ae87d9
                                                                                                                                • Instruction ID: 2df9ba723201bd7b906fe88cfd2ca9dc6e8196f1ee57e8b8ce07315335b0e9e1
                                                                                                                                • Opcode Fuzzy Hash: 9e514afb6b3085bf3dfc408ad64e07a4934fd262a4d1a45fb77894b056ae87d9
                                                                                                                                • Instruction Fuzzy Hash: C521D073204325ABEB215A5A984CB6B7AE9FFC525CF054078EA4C4B2C1E735D815CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 66%
                                                                                                                                			E7098F44A(void* __edx, void* __eflags) {
                                                                                                                                				short* _t70;
                                                                                                                                				short* _t74;
                                                                                                                                				signed int _t75;
                                                                                                                                				void* _t77;
                                                                                                                                				intOrPtr _t78;
                                                                                                                                				short* _t82;
                                                                                                                                				int _t84;
                                                                                                                                				int _t96;
                                                                                                                                				int _t98;
                                                                                                                                				void* _t99;
                                                                                                                                				intOrPtr _t100;
                                                                                                                                
                                                                                                                                				_t100 =  *((intOrPtr*)(_t99 - 0x18));
                                                                                                                                				E709894B4(__edx);
                                                                                                                                				 *(_t99 - 0x20) =  *(_t99 - 0x20) & 0x00000000;
                                                                                                                                				_push(0xfffffffe);
                                                                                                                                				_pop(0);
                                                                                                                                				 *((intOrPtr*)(_t99 - 4)) = 0;
                                                                                                                                				_t84 =  *(_t99 - 0x2c);
                                                                                                                                				_t96 =  *(_t99 - 0x30);
                                                                                                                                				if( *(_t99 - 0x20) != 0) {
                                                                                                                                					L4:
                                                                                                                                					if(MultiByteToWideChar( *(_t99 + 0x24), 1,  *(_t99 + 0x14),  *(_t99 + 0x18),  *(_t99 - 0x20), _t96) != 0) {
                                                                                                                                						_t84 = LCMapStringW( *(_t99 + 0xc),  *(_t99 + 0x10),  *(_t99 - 0x20), _t96, 0, 0);
                                                                                                                                						 *(_t99 - 0x2c) = _t84;
                                                                                                                                						if(_t84 != 0) {
                                                                                                                                							if(( *(_t99 + 0x10) & 0x00000400) == 0) {
                                                                                                                                								 *((intOrPtr*)(_t99 - 4)) = 2;
                                                                                                                                								__eflags = _t84;
                                                                                                                                								if(_t84 <= 0) {
                                                                                                                                									L16:
                                                                                                                                									_t70 = 0;
                                                                                                                                									__eflags = 0;
                                                                                                                                								} else {
                                                                                                                                									_t75 = 0xffffffe0;
                                                                                                                                									__eflags = _t75 / _t84 - 2;
                                                                                                                                									if(_t75 / _t84 < 2) {
                                                                                                                                										goto L16;
                                                                                                                                									} else {
                                                                                                                                										_t35 = _t84 + 8; // 0x8
                                                                                                                                										_t77 = _t84 + _t35;
                                                                                                                                										__eflags = _t77 - 0x400;
                                                                                                                                										if(_t77 > 0x400) {
                                                                                                                                											_push(0xdddd);
                                                                                                                                											_t78 = E70988B9E(_t84, _t96, _t77);
                                                                                                                                										} else {
                                                                                                                                											E70989680(_t77);
                                                                                                                                											 *((intOrPtr*)(_t99 - 0x18)) = _t100;
                                                                                                                                											_t78 = _t100;
                                                                                                                                											_push(0xcccc);
                                                                                                                                										}
                                                                                                                                										_push(_t78);
                                                                                                                                										_t70 = E7098F2D4();
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								 *(_t99 - 0x24) = _t70;
                                                                                                                                								 *((intOrPtr*)(_t99 - 4)) = 0;
                                                                                                                                								__eflags =  *(_t99 - 0x24);
                                                                                                                                								if( *(_t99 - 0x24) != 0) {
                                                                                                                                									_t98 = 0;
                                                                                                                                									__eflags = 0;
                                                                                                                                									goto L22;
                                                                                                                                								} else {
                                                                                                                                									_t74 = E70988B9E(_t84, _t96, _t84 + _t84);
                                                                                                                                									 *(_t99 - 0x24) = _t74;
                                                                                                                                									_t98 = 0;
                                                                                                                                									__eflags = _t74;
                                                                                                                                									if(__eflags != 0) {
                                                                                                                                										 *(_t99 - 0x28) = 1;
                                                                                                                                										L22:
                                                                                                                                										__eflags = LCMapStringW( *(_t99 + 0xc),  *(_t99 + 0x10),  *(_t99 - 0x20), _t96,  *(_t99 - 0x24), _t84);
                                                                                                                                										if(__eflags != 0) {
                                                                                                                                											_push(_t98);
                                                                                                                                											_push(_t98);
                                                                                                                                											__eflags =  *(_t99 + 0x20) - _t98;
                                                                                                                                											if(__eflags != 0) {
                                                                                                                                												_push( *(_t99 + 0x20));
                                                                                                                                												_push( *(_t99 + 0x1c));
                                                                                                                                											} else {
                                                                                                                                												_push(_t98);
                                                                                                                                												_push(_t98);
                                                                                                                                											}
                                                                                                                                											_t84 = WideCharToMultiByte( *(_t99 + 0x24), _t98,  *(_t99 - 0x24), _t84, ??, ??, ??, ??);
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							} else {
                                                                                                                                								if( *(_t99 + 0x20) != 0 && _t84 <=  *(_t99 + 0x20)) {
                                                                                                                                									LCMapStringW( *(_t99 + 0xc),  *(_t99 + 0x10),  *(_t99 - 0x20), _t96,  *(_t99 + 0x1c),  *(_t99 + 0x20));
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					_t111 =  *(_t99 - 0x28);
                                                                                                                                					if( *(_t99 - 0x28) == 0) {
                                                                                                                                						__eflags =  *(_t99 - 0x24);
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							E7098F2EF( *(_t99 - 0x24));
                                                                                                                                							goto L31;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						_push( *(_t99 - 0x24));
                                                                                                                                						E70988AB7(_t84, _t96, 0, _t111);
                                                                                                                                						L31:
                                                                                                                                					}
                                                                                                                                					_t112 =  *(_t99 - 0x34);
                                                                                                                                					if( *(_t99 - 0x34) == 0) {
                                                                                                                                						__eflags =  *(_t99 - 0x20);
                                                                                                                                						if( *(_t99 - 0x20) != 0) {
                                                                                                                                							E7098F2EF( *(_t99 - 0x20));
                                                                                                                                							goto L36;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						_push( *(_t99 - 0x20));
                                                                                                                                						E70988AB7(_t84, _t96, 0, _t112);
                                                                                                                                						L36:
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					_t82 = E70988B9E(_t84, _t96, _t96 + _t96);
                                                                                                                                					 *(_t99 - 0x20) = _t82;
                                                                                                                                					if(_t82 != 0) {
                                                                                                                                						 *(_t99 - 0x34) = 1;
                                                                                                                                						goto L4;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return E70989668(_t84, _t96, 0);
                                                                                                                                			}















                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 709894B4: __get_wpgmptr.LIBCMT ref: 709894D2
                                                                                                                                  • Part of subcall function 709894B4: VirtualQuery.KERNEL32(?,?,0000001C), ref: 709894FD
                                                                                                                                  • Part of subcall function 709894B4: GetSystemInfo.KERNEL32(?), ref: 70989515
                                                                                                                                  • Part of subcall function 709894B4: GetModuleHandleW.KERNEL32(kernelbase.dll), ref: 70989544
                                                                                                                                  • Part of subcall function 709894B4: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 7098954F
                                                                                                                                  • Part of subcall function 709894B4: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 7098955B
                                                                                                                                • _malloc.LIBCMT ref: 7098F46C
                                                                                                                                  • Part of subcall function 70988B9E: __FF_MSGBANNER.LIBCMT ref: 70988BC1
                                                                                                                                  • Part of subcall function 70988B9E: HeapAlloc.KERNEL32(00000000,70986DAE,?,00000000,?,?,70986DBD,?), ref: 70988C15
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 7098F493
                                                                                                                                • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000), ref: 7098F4AF
                                                                                                                                • LCMapStringW.KERNEL32(?,?,00000000,00000000,?,00000000), ref: 7098F4EF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleString$AddressAllocByteCharHeapInfoMultiProcQuerySystemVirtualWide__get_wpgmptr_malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544754454-0
                                                                                                                                • Opcode ID: 188133020218f1b5992d9a696de6581b9b6cd34e6e16ffe5013c3bb70abbbb61
                                                                                                                                • Instruction ID: 4659b3ab00623aec212793468b15a7c928a46bc2f56ab5f2267eee0867c0e8e4
                                                                                                                                • Opcode Fuzzy Hash: 188133020218f1b5992d9a696de6581b9b6cd34e6e16ffe5013c3bb70abbbb61
                                                                                                                                • Instruction Fuzzy Hash: 4F212C32800219EFCF028F94CD55BEDBB79BF18714F20512AFA12712E0E7799960DB62
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 66%
                                                                                                                                			E7043B4EB(void* __edx, void* __eflags) {
                                                                                                                                				short* _t70;
                                                                                                                                				short* _t74;
                                                                                                                                				signed int _t75;
                                                                                                                                				void* _t77;
                                                                                                                                				intOrPtr _t78;
                                                                                                                                				short* _t82;
                                                                                                                                				int _t84;
                                                                                                                                				int _t96;
                                                                                                                                				int _t98;
                                                                                                                                				void* _t99;
                                                                                                                                				intOrPtr _t100;
                                                                                                                                
                                                                                                                                				_t100 =  *((intOrPtr*)(_t99 - 0x18));
                                                                                                                                				E7043564A(__edx);
                                                                                                                                				 *(_t99 - 0x20) =  *(_t99 - 0x20) & 0x00000000;
                                                                                                                                				_push(0xfffffffe);
                                                                                                                                				_pop(0);
                                                                                                                                				 *((intOrPtr*)(_t99 - 4)) = 0;
                                                                                                                                				_t84 =  *(_t99 - 0x2c);
                                                                                                                                				_t96 =  *(_t99 - 0x30);
                                                                                                                                				if( *(_t99 - 0x20) != 0) {
                                                                                                                                					L4:
                                                                                                                                					if(MultiByteToWideChar( *(_t99 + 0x24), 1,  *(_t99 + 0x14),  *(_t99 + 0x18),  *(_t99 - 0x20), _t96) != 0) {
                                                                                                                                						_t84 = LCMapStringW( *(_t99 + 0xc),  *(_t99 + 0x10),  *(_t99 - 0x20), _t96, 0, 0);
                                                                                                                                						 *(_t99 - 0x2c) = _t84;
                                                                                                                                						if(_t84 != 0) {
                                                                                                                                							if(( *(_t99 + 0x10) & 0x00000400) == 0) {
                                                                                                                                								 *((intOrPtr*)(_t99 - 4)) = 2;
                                                                                                                                								__eflags = _t84;
                                                                                                                                								if(_t84 <= 0) {
                                                                                                                                									L16:
                                                                                                                                									_t70 = 0;
                                                                                                                                									__eflags = 0;
                                                                                                                                								} else {
                                                                                                                                									_t75 = 0xffffffe0;
                                                                                                                                									__eflags = _t75 / _t84 - 2;
                                                                                                                                									if(_t75 / _t84 < 2) {
                                                                                                                                										goto L16;
                                                                                                                                									} else {
                                                                                                                                										_t35 = _t84 + 8; // 0x8
                                                                                                                                										_t77 = _t84 + _t35;
                                                                                                                                										__eflags = _t77 - 0x400;
                                                                                                                                										if(_t77 > 0x400) {
                                                                                                                                											_push(0xdddd);
                                                                                                                                											_t78 = E70435133(_t84, _t96, _t77);
                                                                                                                                										} else {
                                                                                                                                											E70435810(_t77);
                                                                                                                                											 *((intOrPtr*)(_t99 - 0x18)) = _t100;
                                                                                                                                											_t78 = _t100;
                                                                                                                                											_push(0xcccc);
                                                                                                                                										}
                                                                                                                                										_push(_t78);
                                                                                                                                										_t70 = E7043B0CF();
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                								 *(_t99 - 0x24) = _t70;
                                                                                                                                								 *((intOrPtr*)(_t99 - 4)) = 0;
                                                                                                                                								__eflags =  *(_t99 - 0x24);
                                                                                                                                								if( *(_t99 - 0x24) != 0) {
                                                                                                                                									_t98 = 0;
                                                                                                                                									__eflags = 0;
                                                                                                                                									goto L22;
                                                                                                                                								} else {
                                                                                                                                									_t74 = E70435133(_t84, _t96, _t84 + _t84);
                                                                                                                                									 *(_t99 - 0x24) = _t74;
                                                                                                                                									_t98 = 0;
                                                                                                                                									__eflags = _t74;
                                                                                                                                									if(__eflags != 0) {
                                                                                                                                										 *(_t99 - 0x28) = 1;
                                                                                                                                										L22:
                                                                                                                                										__eflags = LCMapStringW( *(_t99 + 0xc),  *(_t99 + 0x10),  *(_t99 - 0x20), _t96,  *(_t99 - 0x24), _t84);
                                                                                                                                										if(__eflags != 0) {
                                                                                                                                											_push(_t98);
                                                                                                                                											_push(_t98);
                                                                                                                                											__eflags =  *(_t99 + 0x20) - _t98;
                                                                                                                                											if(__eflags != 0) {
                                                                                                                                												_push( *(_t99 + 0x20));
                                                                                                                                												_push( *(_t99 + 0x1c));
                                                                                                                                											} else {
                                                                                                                                												_push(_t98);
                                                                                                                                												_push(_t98);
                                                                                                                                											}
                                                                                                                                											_t84 = WideCharToMultiByte( *(_t99 + 0x24), _t98,  *(_t99 - 0x24), _t84, ??, ??, ??, ??);
                                                                                                                                										}
                                                                                                                                									}
                                                                                                                                								}
                                                                                                                                							} else {
                                                                                                                                								if( *(_t99 + 0x20) != 0 && _t84 <=  *(_t99 + 0x20)) {
                                                                                                                                									LCMapStringW( *(_t99 + 0xc),  *(_t99 + 0x10),  *(_t99 - 0x20), _t96,  *(_t99 + 0x1c),  *(_t99 + 0x20));
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                					}
                                                                                                                                					_t111 =  *(_t99 - 0x28);
                                                                                                                                					if( *(_t99 - 0x28) == 0) {
                                                                                                                                						__eflags =  *(_t99 - 0x24);
                                                                                                                                						if(__eflags != 0) {
                                                                                                                                							E7043B0EA( *(_t99 - 0x24));
                                                                                                                                							goto L31;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						_push( *(_t99 - 0x24));
                                                                                                                                						E70435202(_t84, _t96, 0, _t111);
                                                                                                                                						L31:
                                                                                                                                					}
                                                                                                                                					_t112 =  *(_t99 - 0x34);
                                                                                                                                					if( *(_t99 - 0x34) == 0) {
                                                                                                                                						__eflags =  *(_t99 - 0x20);
                                                                                                                                						if( *(_t99 - 0x20) != 0) {
                                                                                                                                							E7043B0EA( *(_t99 - 0x20));
                                                                                                                                							goto L36;
                                                                                                                                						}
                                                                                                                                					} else {
                                                                                                                                						_push( *(_t99 - 0x20));
                                                                                                                                						E70435202(_t84, _t96, 0, _t112);
                                                                                                                                						L36:
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					_t82 = E70435133(_t84, _t96, _t96 + _t96);
                                                                                                                                					 *(_t99 - 0x20) = _t82;
                                                                                                                                					if(_t82 != 0) {
                                                                                                                                						 *(_t99 - 0x34) = 1;
                                                                                                                                						goto L4;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return E704357FC(_t84, _t96, 0);
                                                                                                                                			}















                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 7043564A: __get_wpgmptr.LIBCMT ref: 70435668
                                                                                                                                  • Part of subcall function 7043564A: VirtualQuery.KERNEL32(?,?,0000001C), ref: 70435693
                                                                                                                                  • Part of subcall function 7043564A: GetSystemInfo.KERNEL32(?), ref: 704356AB
                                                                                                                                  • Part of subcall function 7043564A: GetModuleHandleW.KERNEL32(kernelbase.dll), ref: 704356DA
                                                                                                                                  • Part of subcall function 7043564A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 704356E5
                                                                                                                                  • Part of subcall function 7043564A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 704356F1
                                                                                                                                • _malloc.LIBCMT ref: 7043B50D
                                                                                                                                  • Part of subcall function 70435133: __FF_MSGBANNER.LIBCMT ref: 70435156
                                                                                                                                  • Part of subcall function 70435133: HeapAlloc.KERNEL32(00000000,70433EAF,?,?,?,?,70433EBE,00000000), ref: 704351AA
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 7043B534
                                                                                                                                • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000), ref: 7043B550
                                                                                                                                • LCMapStringW.KERNEL32(?,?,00000000,00000000,?,00000000), ref: 7043B590
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModuleString$AddressAllocByteCharHeapInfoMultiProcQuerySystemVirtualWide__get_wpgmptr_malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544754454-0
                                                                                                                                • Opcode ID: 5b06df0169c129b9a81f81117c58e9b41bf34388ebeaa8e47764f9d93e4bf7b1
                                                                                                                                • Instruction ID: 910ab1347f3a76b5dd2ea66c2aaa3955be4ff59c654519845f78547f9e51dab7
                                                                                                                                • Opcode Fuzzy Hash: 5b06df0169c129b9a81f81117c58e9b41bf34388ebeaa8e47764f9d93e4bf7b1
                                                                                                                                • Instruction Fuzzy Hash: 5A21F432800219EBDF028F90DC46BDEFB76BF0C714FA06129FA11721A0C7799961DB95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                • Opcode ID: 380c5668a69ba1614b81910bbce647b36f5fb08539e041acbf9d471092346af6
                                                                                                                                • Instruction ID: 4b0a065dfef29794e0cde309e8b335f74f2d46cdc5c4b886e85f6bee1ebaf6f2
                                                                                                                                • Opcode Fuzzy Hash: 380c5668a69ba1614b81910bbce647b36f5fb08539e041acbf9d471092346af6
                                                                                                                                • Instruction Fuzzy Hash: AB11BE707043125BDF25CE1AD4A076777A8FF55208F44047EED099B3A2C771E8168BD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SetupDiGetClassDevsW.SETUPAPI(?,00000000,00000000,?), ref: 709851EF
                                                                                                                                  • Part of subcall function 7098506A: __EH_prolog3_catch_GS.LIBCMT ref: 70985074
                                                                                                                                  • Part of subcall function 7098506A: SetupDiEnumDeviceInterfaces.SETUPAPI(?,00000000,?,?,70985219), ref: 709850B9
                                                                                                                                • GetLastError.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,70985A45), ref: 70985224
                                                                                                                                • SetupDiDestroyDeviceInfoList.SETUPAPI(00000000), ref: 7098522D
                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,70985A45), ref: 70985238
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Setup$DeviceErrorLast$ClassDestroyDevsEnumH_prolog3_catch_InfoInterfacesList
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4170426873-0
                                                                                                                                • Opcode ID: 377efc58a7851c33e371b2590e049b53a1278b585b9c646bba30409210d2de2e
                                                                                                                                • Instruction ID: 95fee8f954d8019d359242057170893ddbe472c3b861da701a50b1eca145c4e3
                                                                                                                                • Opcode Fuzzy Hash: 377efc58a7851c33e371b2590e049b53a1278b585b9c646bba30409210d2de2e
                                                                                                                                • Instruction Fuzzy Hash: 6E11BC32804209ABCB01DF658C49BEFBBBAAF06314F100114FC11BB391CA71A90987A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_POINT_point2oct.ADB(?,?,?,00000000,00000000), ref: 013FD8E9
                                                                                                                                  • Part of subcall function 013FD940: EC_GROUP_cmp.ADB(00000000,?), ref: 013FD95B
                                                                                                                                  • Part of subcall function 013FD940: ERR_put_error.ADB(0000000F,00000000,00000077,external/boringssl/src/crypto/fipsmodule/ec/oct.c,00000057), ref: 013FD977
                                                                                                                                • OPENSSL_malloc.ADB(00000000), ref: 013FD8F8
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • EC_POINT_point2oct.ADB(?,?,?,00000000,00000000), ref: 013FD915
                                                                                                                                  • Part of subcall function 013FD940: BN_num_bits.ADB(-00000024), ref: 013FDA2D
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD92C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: T_point2oct$L_freeL_mallocN_num_bitsP_cmpR_put_errormalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 566259014-0
                                                                                                                                • Opcode ID: b2b86bad8cbcd9f4b03dac90e13632ec14ac20d3ddf97a7d5add81d87e7a5811
                                                                                                                                • Instruction ID: 64392e880d8e25384ad095dfc981dc7c4f1068a5a8c5e7f2bfe352f15dc48ef9
                                                                                                                                • Opcode Fuzzy Hash: b2b86bad8cbcd9f4b03dac90e13632ec14ac20d3ddf97a7d5add81d87e7a5811
                                                                                                                                • Instruction Fuzzy Hash: FA01F7B26012056BEF20AAE96C08F3B7A9EDF9051CF45003CFF08CA101E531DD11C762
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                • Opcode ID: 90057a177e01bad5a3234361ed42976e545c42fb35d561f0a9627ffaa4712c1d
                                                                                                                                • Instruction ID: b80b11d67db2c9880b3fa49a732e2ee6d703257b6d6667573d3d558303df81b4
                                                                                                                                • Opcode Fuzzy Hash: 90057a177e01bad5a3234361ed42976e545c42fb35d561f0a9627ffaa4712c1d
                                                                                                                                • Instruction Fuzzy Hash: A8115EB56103999BDF21DE18DC40B9B3768BF6061CF44886DEE5C5F201D371E9168792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(?,00000000,?,014027E7,?), ref: 01402C7C
                                                                                                                                • OPENSSL_free.ADB(?,?), ref: 01402CB4
                                                                                                                                • OPENSSL_free.ADB(?,?,?), ref: 01402CEC
                                                                                                                                • OPENSSL_cleanse.ADB(?,00000034,?,?,?), ref: 01402D21
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_cleanse
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 512131043-0
                                                                                                                                • Opcode ID: d05bc375810f27dc543f80ba2ae0df7eef5689b7a5cb020c3b733e367e0b45bb
                                                                                                                                • Instruction ID: a115a283f31181002bb62fcc704527d27f2b1bf574c81b62089d128f257c138d
                                                                                                                                • Opcode Fuzzy Hash: d05bc375810f27dc543f80ba2ae0df7eef5689b7a5cb020c3b733e367e0b45bb
                                                                                                                                • Instruction Fuzzy Hash: 7B11F6B1510B029BE7219F16E808B47BBF4BF10308F40C928D45A5BAA0D7B6F569CBC1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(?,00000000,?,013F8D40,00000000), ref: 013F8D69
                                                                                                                                • OPENSSL_free.ADB(?,00000000,?,013F8D40,00000000), ref: 013F8D84
                                                                                                                                • OPENSSL_free.ADB(00000000,00000000,?,013F8D40,00000000), ref: 013F8D9C
                                                                                                                                • OPENSSL_free.ADB(00000000,00000000,?,013F8D40,00000000), ref: 013F8DB4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                • Opcode ID: cd0241591940af747d84549374e7b876509a0c1da9d8d417db896c54c745a947
                                                                                                                                • Instruction ID: 0cac738ce9b3ff68bed86d041da6eb3fe3f1f697f5a96641266307856d5b6fe7
                                                                                                                                • Opcode Fuzzy Hash: cd0241591940af747d84549374e7b876509a0c1da9d8d417db896c54c745a947
                                                                                                                                • Instruction Fuzzy Hash: 1C01D671A1072187DB369E1CE4007EBB3B47F70A5CF99496DE9811B351D331A85387C1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(013E580E,?,013E580E,00000000), ref: 013E5C82
                                                                                                                                • OPENSSL_free.ADB(013E580E,?,013E580E,00000000), ref: 013E5C9C
                                                                                                                                • OPENSSL_free.ADB(518D0446,00000000), ref: 013E5CAE
                                                                                                                                • OPENSSL_free.ADB(013E57FA,00000000), ref: 013E5CCD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                • Opcode ID: 09e4bf4e86eb2c2bb478bb43f7f818311ea80f0c7b73509c280971e96933809b
                                                                                                                                • Instruction ID: 963579b04eb16101319e091acd133295bebb2b9d51ebec4a5c19877a211a8224
                                                                                                                                • Opcode Fuzzy Hash: 09e4bf4e86eb2c2bb478bb43f7f818311ea80f0c7b73509c280971e96933809b
                                                                                                                                • Instruction Fuzzy Hash: 1EF096B991073187DE329F19E5087EE73F45F2061DFC54A2DD8861B251D331E4A38782
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 89%
                                                                                                                                			E7098C811(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				void* _t25;
                                                                                                                                				void* _t28;
                                                                                                                                				intOrPtr _t30;
                                                                                                                                				void* _t32;
                                                                                                                                				intOrPtr _t33;
                                                                                                                                				void* _t34;
                                                                                                                                				void* _t35;
                                                                                                                                
                                                                                                                                				_t35 = __eflags;
                                                                                                                                				_t29 = __edi;
                                                                                                                                				_t24 = __ebx;
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x70993b80);
                                                                                                                                				E70988D28(__ebx, __edi, __esi);
                                                                                                                                				_t32 = E70989F98(__ebx, _t35);
                                                                                                                                				if(( *(_t32 + 0x70) & 0x00000002) != 0 || ( *0x709966e4 & 0x00000001) == 0) {
                                                                                                                                					if( *((intOrPtr*)(_t32 + 0x6c)) != 0) {
                                                                                                                                						_t33 =  *((intOrPtr*)(E70989F98(_t24, __eflags) + 0x6c));
                                                                                                                                					} else {
                                                                                                                                						goto L3;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					L3:
                                                                                                                                					E7098DA52(_t24, _t25, _t28, _t29, 0xc);
                                                                                                                                					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                					_t9 = _t32 + 0x6c; // 0x6c
                                                                                                                                					_t30 =  *0x709967c8; // 0x709966f0
                                                                                                                                					 *((intOrPtr*)(_t34 - 0x1c)) = E7098C7CE(_t9, _t30);
                                                                                                                                					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                					E7098C867();
                                                                                                                                					_t33 =  *((intOrPtr*)(_t34 - 0x1c));
                                                                                                                                				}
                                                                                                                                				if(_t33 == 0) {
                                                                                                                                					E709899B7(0x20);
                                                                                                                                				}
                                                                                                                                				return E70988D6D(_t33);
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __amsg_exit$__getptd__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4065621789-0
                                                                                                                                • Opcode ID: 0b2bdeab7b631bf7a84f1e08112ecad1663f29c18185ddadcf2d7fc94b663a2a
                                                                                                                                • Instruction ID: f4a83f51039b283e55730ccbc757dae8925c8576a1e18c426412172391dadee7
                                                                                                                                • Opcode Fuzzy Hash: 0b2bdeab7b631bf7a84f1e08112ecad1663f29c18185ddadcf2d7fc94b663a2a
                                                                                                                                • Instruction Fuzzy Hash: 3EF04972D947148ED722DBB48406B4D77A4AF41728F145659E8817B7C0CB78B841CB53
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 90%
                                                                                                                                			E70439AB0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				void* _t25;
                                                                                                                                				void* _t28;
                                                                                                                                				intOrPtr _t30;
                                                                                                                                				void* _t32;
                                                                                                                                				intOrPtr _t33;
                                                                                                                                				void* _t34;
                                                                                                                                				void* _t35;
                                                                                                                                
                                                                                                                                				_t35 = __eflags;
                                                                                                                                				_t29 = __edi;
                                                                                                                                				_t28 = __edx;
                                                                                                                                				_t25 = __ecx;
                                                                                                                                				_t24 = __ebx;
                                                                                                                                				_push(0xc);
                                                                                                                                				_push(0x7043c9f0);
                                                                                                                                				E70434970(__ebx, __edi, __esi);
                                                                                                                                				_t32 = E7043612E(__ebx, _t35);
                                                                                                                                				if(( *(_t32 + 0x70) & 0x00000002) != 0 || ( *0x7043ecc4 & 0x00000001) == 0) {
                                                                                                                                					if( *((intOrPtr*)(_t32 + 0x6c)) != 0) {
                                                                                                                                						_t33 =  *((intOrPtr*)(E7043612E(_t24, __eflags) + 0x6c));
                                                                                                                                					} else {
                                                                                                                                						goto L3;
                                                                                                                                					}
                                                                                                                                				} else {
                                                                                                                                					L3:
                                                                                                                                					E7043857A(_t24, _t25, _t28, _t29, 0xc);
                                                                                                                                					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                					_t9 = _t32 + 0x6c; // 0x6c
                                                                                                                                					_t30 =  *0x7043e5b0; // 0x7043e4d8
                                                                                                                                					 *((intOrPtr*)(_t34 - 0x1c)) = E70439A6D(_t9, _t30);
                                                                                                                                					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                					E70439B06();
                                                                                                                                					_t33 =  *((intOrPtr*)(_t34 - 0x1c));
                                                                                                                                				}
                                                                                                                                				if(_t33 == 0) {
                                                                                                                                					E70435B4D(0x20);
                                                                                                                                				}
                                                                                                                                				return E704349B5(_t33);
                                                                                                                                			}











                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __amsg_exit$__getptd__lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4065621789-0
                                                                                                                                • Opcode ID: 4d5abe76fc9e66f426d19b6297ef65ec474b3d657dfcba3fcc20ee75cd00a3ed
                                                                                                                                • Instruction ID: fb9fa9481d4df6e59d56e8ecd6cec9e0f70d5253dce2814c26948d0eb26099a9
                                                                                                                                • Opcode Fuzzy Hash: 4d5abe76fc9e66f426d19b6297ef65ec474b3d657dfcba3fcc20ee75cd00a3ed
                                                                                                                                • Instruction Fuzzy Hash: 56F08C32900345DEDB22A7619C02B8DFAA0AF08228F92725CE851772C1DBACBD41CB41
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 92%
                                                                                                                                			E709868B8(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                				intOrPtr _t20;
                                                                                                                                				intOrPtr* _t22;
                                                                                                                                				void* _t23;
                                                                                                                                
                                                                                                                                				_push(8);
                                                                                                                                				E70988000(E70992EFF, __ebx, __edi, __esi);
                                                                                                                                				_t22 = __ecx;
                                                                                                                                				_t20 = 0;
                                                                                                                                				EnterCriticalSection(0x70997144);
                                                                                                                                				if( *((intOrPtr*)(_t22 + 4)) != 0) {
                                                                                                                                					SetLastError(0x1f);
                                                                                                                                				} else {
                                                                                                                                					 *0x70997130 =  *0x70997130 + 1;
                                                                                                                                					 *((intOrPtr*)(_t23 - 4)) = 0;
                                                                                                                                					_t20 =  *0x70997130; // 0x0
                                                                                                                                					 *((intOrPtr*)(_t23 - 0x14)) = _t20;
                                                                                                                                					 *((intOrPtr*)(E70986889(_t23 - 0x14))) = _t22;
                                                                                                                                					 *((intOrPtr*)(_t22 + 4)) = _t20;
                                                                                                                                					 *((intOrPtr*)( *_t22 + 4))();
                                                                                                                                				}
                                                                                                                                				LeaveCriticalSection(0x70997144);
                                                                                                                                				return E709880B4(_t20);
                                                                                                                                			}







                                                                                                                                APIs
                                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 709868BF
                                                                                                                                • EnterCriticalSection.KERNEL32(70997144,00000008), ref: 709868CD
                                                                                                                                • SetLastError.KERNEL32(0000001F), ref: 7098691F
                                                                                                                                • LeaveCriticalSection.KERNEL32(70997144), ref: 7098692A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalSection$EnterErrorH_prolog3_catchLastLeave
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3146286802-0
                                                                                                                                • Opcode ID: 9845945c6ef1f32329ca95cea487eb7ebe950ed564e46bd11e356cc45e8d44af
                                                                                                                                • Instruction ID: 0eb6e50be396002a518355c2efb0ddd6b6a87a210a8650ad65684d39be1dc989
                                                                                                                                • Opcode Fuzzy Hash: 9845945c6ef1f32329ca95cea487eb7ebe950ed564e46bd11e356cc45e8d44af
                                                                                                                                • Instruction Fuzzy Hash: D2F03031525200CFC715DF558D4566DBAB9FFC8301B21405AE545AB3E0CF749901ABA7
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E075C
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013E078B
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E0751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errormemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 129115766-2228489102
                                                                                                                                • Opcode ID: b2edea818f6c9895686d6fcaabf886e0ed61a1f2d0ca3056b7973a8386f57f0f
                                                                                                                                • Instruction ID: 414791afecf87e9867ce81597c1ce23b13c275e44d63fc42206b745e8ec161e5
                                                                                                                                • Opcode Fuzzy Hash: b2edea818f6c9895686d6fcaabf886e0ed61a1f2d0ca3056b7973a8386f57f0f
                                                                                                                                • Instruction Fuzzy Hash: 64218E75B403155BE7154E3CDC46B26B794AFD229CF148329F955B33C1F7B0A550C690
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC692
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000353), ref: 013FC6AE
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC6A3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1627706831-1759677748
                                                                                                                                • Opcode ID: 0ccdaf1cdf2a7130178a02f0b684b8dc5e3d75f9e08242647e888e6d4b91ab32
                                                                                                                                • Instruction ID: c8ea0258763aeba8d3c66fa312b461ccd7047c643bb5d1360f48df0a0ee36d32
                                                                                                                                • Opcode Fuzzy Hash: 0ccdaf1cdf2a7130178a02f0b684b8dc5e3d75f9e08242647e888e6d4b91ab32
                                                                                                                                • Instruction Fuzzy Hash: 77213236A947095FE3155A7CDC82F76B354EFA229DF04673EE702B6192FB60B0D48250
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E7098B5B4(void* __ebx, void* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                                				char _v8;
                                                                                                                                				char _v12;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				intOrPtr _t37;
                                                                                                                                				void* _t44;
                                                                                                                                				void* _t48;
                                                                                                                                				intOrPtr _t53;
                                                                                                                                				intOrPtr* _t55;
                                                                                                                                				intOrPtr _t56;
                                                                                                                                				intOrPtr* _t57;
                                                                                                                                				intOrPtr* _t60;
                                                                                                                                				intOrPtr _t62;
                                                                                                                                				void* _t64;
                                                                                                                                				void* _t65;
                                                                                                                                
                                                                                                                                				_t51 = __ecx;
                                                                                                                                				_t48 = __ebx;
                                                                                                                                				_push(__ecx);
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t60 = _a4;
                                                                                                                                				_t66 =  *_t60 - 0x80000003;
                                                                                                                                				if( *_t60 == 0x80000003) {
                                                                                                                                					L18:
                                                                                                                                					return _t37;
                                                                                                                                				}
                                                                                                                                				_t2 = E70989F98(__ebx, _t66) + 0x80; // 0x80
                                                                                                                                				_t55 = _t2;
                                                                                                                                				if( *_t55 == 0 ||  *_t55 == E70989D45() ||  *_t60 == 0xe0434f4d) {
                                                                                                                                					L5:
                                                                                                                                					_t56 = _a20;
                                                                                                                                					_t71 =  *((intOrPtr*)(_t56 + 0xc));
                                                                                                                                					if( *((intOrPtr*)(_t56 + 0xc)) == 0) {
                                                                                                                                						E7098AD09(_t48, _t56, _t60, _t71);
                                                                                                                                					}
                                                                                                                                					_t62 = _a24;
                                                                                                                                					_t57 = E70987E3C(_t51, _t56, _a28, _t62,  &_v8,  &_v12);
                                                                                                                                					_t37 = _v8;
                                                                                                                                					_t65 = _t64 + 0x14;
                                                                                                                                					if(_t37 >= _v12) {
                                                                                                                                						goto L17;
                                                                                                                                					}
                                                                                                                                					_push(_t48);
                                                                                                                                					do {
                                                                                                                                						if(_t62 >=  *_t57 && _t62 <=  *((intOrPtr*)(_t57 + 4))) {
                                                                                                                                							_t44 = ( *(_t57 + 0xc) << 4) +  *((intOrPtr*)(_t57 + 0x10));
                                                                                                                                							_t53 =  *((intOrPtr*)(_t44 - 0xc));
                                                                                                                                							if(_t53 == 0 ||  *((char*)(_t53 + 8)) == 0) {
                                                                                                                                								_t50 = _t44 - 0x10;
                                                                                                                                								if(( *(_t44 - 0x10) & 0x00000040) == 0) {
                                                                                                                                									E7098B541(_t50, _t57, _a8, _a4, _a12, _a16, _a20, 0, _a28, _a32);
                                                                                                                                									_t62 = _a24;
                                                                                                                                									_t65 = _t65 + 0x1c;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_v8 = _v8 + 1;
                                                                                                                                						_t37 = _v8;
                                                                                                                                						_t57 = _t57 + 0x14;
                                                                                                                                					} while (_t37 < _v12);
                                                                                                                                					goto L17;
                                                                                                                                				} else {
                                                                                                                                					_t37 = E70987CA2(_t60, _a8, _a12, _a16, _a20, _a28, _a32);
                                                                                                                                					_t64 = _t64 + 0x1c;
                                                                                                                                					if(_t37 != 0) {
                                                                                                                                						L17:
                                                                                                                                						goto L18;
                                                                                                                                					}
                                                                                                                                					goto L5;
                                                                                                                                				}
                                                                                                                                			}




















                                                                                                                                APIs
                                                                                                                                • __getptd.LIBCMT ref: 7098B5CC
                                                                                                                                  • Part of subcall function 70989F98: __amsg_exit.LIBCMT ref: 70989FA8
                                                                                                                                • _GetRangeOfTrysToCheck.LIBCMT ref: 7098B62E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CheckRangeTrys__amsg_exit__getptd
                                                                                                                                • String ID: MOC
                                                                                                                                • API String ID: 647365596-624257665
                                                                                                                                • Opcode ID: bb3c41aa47741304d6a0ead9431475b767ce441b260aada90aa3615d1b81c22f
                                                                                                                                • Instruction ID: 6277381320f2a23af69ff0ce86d2ba243b321b8af069c1f4c8f3d7dde64c8707
                                                                                                                                • Opcode Fuzzy Hash: bb3c41aa47741304d6a0ead9431475b767ce441b260aada90aa3615d1b81c22f
                                                                                                                                • Instruction Fuzzy Hash: DB312A72400109AFDF018F44C841B9EBBBAFF44328F194159F91AA7291E335FDA1DB96
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 91%
                                                                                                                                			E704376A1(void* __ebx, void* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                                				char _v8;
                                                                                                                                				char _v12;
                                                                                                                                				void* __edi;
                                                                                                                                				void* __esi;
                                                                                                                                				void* __ebp;
                                                                                                                                				intOrPtr _t37;
                                                                                                                                				void* _t44;
                                                                                                                                				void* _t48;
                                                                                                                                				intOrPtr _t53;
                                                                                                                                				intOrPtr* _t55;
                                                                                                                                				intOrPtr _t56;
                                                                                                                                				intOrPtr* _t57;
                                                                                                                                				intOrPtr* _t60;
                                                                                                                                				intOrPtr _t62;
                                                                                                                                				void* _t64;
                                                                                                                                				void* _t65;
                                                                                                                                
                                                                                                                                				_t51 = __ecx;
                                                                                                                                				_t48 = __ebx;
                                                                                                                                				_push(__ecx);
                                                                                                                                				_push(__ecx);
                                                                                                                                				_t60 = _a4;
                                                                                                                                				_t66 =  *_t60 - 0x80000003;
                                                                                                                                				if( *_t60 == 0x80000003) {
                                                                                                                                					L18:
                                                                                                                                					return _t37;
                                                                                                                                				}
                                                                                                                                				_t2 = E7043612E(__ebx, _t66) + 0x80; // 0x80
                                                                                                                                				_t55 = _t2;
                                                                                                                                				if( *_t55 == 0 ||  *_t55 == E70435EDB() ||  *_t60 == 0xe0434f4d) {
                                                                                                                                					L5:
                                                                                                                                					_t56 = _a20;
                                                                                                                                					_t71 =  *((intOrPtr*)(_t56 + 0xc));
                                                                                                                                					if( *((intOrPtr*)(_t56 + 0xc)) == 0) {
                                                                                                                                						E70437C28(_t48, _t56, _t60, _t71);
                                                                                                                                					}
                                                                                                                                					_t62 = _a24;
                                                                                                                                					_t57 = E70434648(_t51, _t56, _a28, _t62,  &_v8,  &_v12);
                                                                                                                                					_t37 = _v8;
                                                                                                                                					_t65 = _t64 + 0x14;
                                                                                                                                					if(_t37 >= _v12) {
                                                                                                                                						goto L17;
                                                                                                                                					}
                                                                                                                                					_push(_t48);
                                                                                                                                					do {
                                                                                                                                						if(_t62 >=  *_t57 && _t62 <=  *((intOrPtr*)(_t57 + 4))) {
                                                                                                                                							_t44 = ( *(_t57 + 0xc) << 4) +  *((intOrPtr*)(_t57 + 0x10));
                                                                                                                                							_t53 =  *((intOrPtr*)(_t44 - 0xc));
                                                                                                                                							if(_t53 == 0 ||  *((char*)(_t53 + 8)) == 0) {
                                                                                                                                								_t50 = _t44 - 0x10;
                                                                                                                                								if(( *(_t44 - 0x10) & 0x00000040) == 0) {
                                                                                                                                									E7043762E(_t50, _t57, _a8, _a4, _a12, _a16, _a20, 0, _a28, _a32);
                                                                                                                                									_t62 = _a24;
                                                                                                                                									_t65 = _t65 + 0x1c;
                                                                                                                                								}
                                                                                                                                							}
                                                                                                                                						}
                                                                                                                                						_v8 = _v8 + 1;
                                                                                                                                						_t37 = _v8;
                                                                                                                                						_t57 = _t57 + 0x14;
                                                                                                                                					} while (_t37 < _v12);
                                                                                                                                					goto L17;
                                                                                                                                				} else {
                                                                                                                                					_t37 = E704344AE(_t60, _a8, _a12, _a16, _a20, _a28, _a32);
                                                                                                                                					_t64 = _t64 + 0x1c;
                                                                                                                                					if(_t37 != 0) {
                                                                                                                                						L17:
                                                                                                                                						goto L18;
                                                                                                                                					}
                                                                                                                                					goto L5;
                                                                                                                                				}
                                                                                                                                			}



















                                                                                                                                0x704376ed
                                                                                                                                0x704376f2
                                                                                                                                0x704376f7
                                                                                                                                0x70437788
                                                                                                                                0x00000000
                                                                                                                                0x70437788
                                                                                                                                0x00000000
                                                                                                                                0x704376f7

                                                                                                                                APIs
                                                                                                                                • __getptd.LIBCMT ref: 704376B9
                                                                                                                                  • Part of subcall function 7043612E: __amsg_exit.LIBCMT ref: 7043613E
                                                                                                                                • _GetRangeOfTrysToCheck.LIBCMT ref: 7043771B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756105441.0000000070431000.00000020.00020000.sdmp, Offset: 70430000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756090552.0000000070430000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756137627.000000007043E000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756149816.0000000070440000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70430000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CheckRangeTrys__amsg_exit__getptd
                                                                                                                                • String ID: MOC
                                                                                                                                • API String ID: 647365596-624257665
                                                                                                                                • Opcode ID: 95b9c81fa061ae9dcf2a0d76840aa532f36b0d01146e71bc1541a3295ee269b2
                                                                                                                                • Instruction ID: 1a267e0f3ef43c661f3be82d1e286cbd0d3a763e35c6a5611bc4148f6d8b0305
                                                                                                                                • Opcode Fuzzy Hash: 95b9c81fa061ae9dcf2a0d76840aa532f36b0d01146e71bc1541a3295ee269b2
                                                                                                                                • Instruction Fuzzy Hash: 0B315A3640010AAFCF22CF44C841AADBBB5FF09314F956158F95673211D339BD61DB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?), ref: 013F36D6
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/cipher/cipher.c,0000014E), ref: 013F3709
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/cipher.c, xrefs: 013F36FE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errormemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/cipher.c
                                                                                                                                • API String ID: 129115766-705831790
                                                                                                                                • Opcode ID: c15e4730b341a0f363a73e574055f3ac27b09da449d9eba0be0b6ed93051b572
                                                                                                                                • Instruction ID: 7ac52356c955278ba8bd8f406797f1f0abf62f7324160ae33df2754f64fb2789
                                                                                                                                • Opcode Fuzzy Hash: c15e4730b341a0f363a73e574055f3ac27b09da449d9eba0be0b6ed93051b572
                                                                                                                                • Instruction Fuzzy Hash: E711D3B1704205ABE710AE19DC84F767BACFF8075CF14002DEB458B681E772E8A9C7A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                C-Code - Quality: 53%
                                                                                                                                			E7098703E(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a8) {
                                                                                                                                				signed int _v4;
                                                                                                                                				intOrPtr _v8;
                                                                                                                                				char _v13;
                                                                                                                                				char _v32;
                                                                                                                                				char _v60;
                                                                                                                                				intOrPtr _t28;
                                                                                                                                				intOrPtr _t37;
                                                                                                                                				char* _t40;
                                                                                                                                				char* _t45;
                                                                                                                                				intOrPtr _t48;
                                                                                                                                				intOrPtr _t51;
                                                                                                                                				void* _t57;
                                                                                                                                
                                                                                                                                				_t57 = __eflags;
                                                                                                                                				_push(0x30);
                                                                                                                                				E70987FC8(E70992F6F, __ebx, __edi, __esi);
                                                                                                                                				_push( &_v13);
                                                                                                                                				E70986E69( &_v32, "invalid string position");
                                                                                                                                				_v4 = _v4 & 0x00000000;
                                                                                                                                				_push( &_v32);
                                                                                                                                				_t40 =  &_v60;
                                                                                                                                				E70986FB7(_t40, __esi, _t57);
                                                                                                                                				E70988C6D( &_v60, 0x709936bc);
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				asm("int3");
                                                                                                                                				_push(__ebx);
                                                                                                                                				_push(__esi);
                                                                                                                                				_t48 = _v8;
                                                                                                                                				_push(__edi);
                                                                                                                                				_t45 = _t40;
                                                                                                                                				_t58 =  *((intOrPtr*)(_t45 + 8)) - _t48;
                                                                                                                                				if( *((intOrPtr*)(_t45 + 8)) < _t48) {
                                                                                                                                					E7098703E(__ebx, _t45, _t48, _t58);
                                                                                                                                				}
                                                                                                                                				E709874B4(_t40);
                                                                                                                                				_t37 = _a8;
                                                                                                                                				_t28 =  *((intOrPtr*)(_t45 + 8)) - _t48;
                                                                                                                                				if(_t28 < _t37) {
                                                                                                                                					_t37 = _t28;
                                                                                                                                				}
                                                                                                                                				if(_t37 > 0) {
                                                                                                                                					E70988470(_t37, _t45, _t48,  *((intOrPtr*)(_t45 + 4)) + _t48,  *((intOrPtr*)(_t45 + 4)) + _t48 + _t37, _t28 - _t37);
                                                                                                                                					_t51 =  *((intOrPtr*)(_t45 + 8)) - _t37;
                                                                                                                                					if(E7098734B(_t45, _t51, 0) != 0) {
                                                                                                                                						 *((intOrPtr*)(_t45 + 8)) = _t51;
                                                                                                                                						 *((char*)(_t51 +  *((intOrPtr*)(_t45 + 4)))) = 0;
                                                                                                                                					}
                                                                                                                                				}
                                                                                                                                				return _t45;
                                                                                                                                			}

                                                                                                                                APIs
                                                                                                                                • __EH_prolog3.LIBCMT ref: 70987045
                                                                                                                                  • Part of subcall function 70986FB7: __EH_prolog3.LIBCMT ref: 70986FBE
                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 70987074
                                                                                                                                  • Part of subcall function 70988C6D: RaiseException.KERNEL32(?,?,70986E02,?,?,?,?,?,70986E02,?,709935E4,70997204), ref: 70988CAF
                                                                                                                                Strings
                                                                                                                                • invalid string position, xrefs: 7098704E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.756170437.0000000070981000.00000020.00020000.sdmp, Offset: 70980000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.756161019.0000000070980000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756184600.0000000070996000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.756191860.0000000070999000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_70980000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: H_prolog3$ExceptionException@8RaiseThrow
                                                                                                                                • String ID: invalid string position
                                                                                                                                • API String ID: 1412866469-1799206989
                                                                                                                                • Opcode ID: 1aee125b97ef1070dca784ee21ecd0662a413d774237a9a8eeb1a3e81ccf90ea
                                                                                                                                • Instruction ID: 50f16a1e4e3a4b3d849e7fe5fc01500aa27a2e7d97c81d20469d693ec16ac017
                                                                                                                                • Opcode Fuzzy Hash: 1aee125b97ef1070dca784ee21ecd0662a413d774237a9a8eeb1a3e81ccf90ea
                                                                                                                                • Instruction Fuzzy Hash: A9118272A101196FC701DEA9DC81FAEF77DAF84218F10422AF91597781CB65FD44C7A2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FBBE0
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002EE), ref: 013FBBFC
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FBBF1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1627706831-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000068,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,000000F0), ref: 013F2C49
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F2C5B
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/aead.c, xrefs: 013F2BF7, 013F2C3E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errormemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/aead.c
                                                                                                                                • API String ID: 129115766-2050848870
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006D,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000001A4,00000000,?,00000000,?,013E556E,00000000,00000000,?,?,?), ref: 013E5A48
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/montgomery.c, xrefs: 013E5A3D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/montgomery.c
                                                                                                                                • API String ID: 1767461275-245256104
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013F7B14
                                                                                                                                • ERR_put_error.ADB(0000001B,00000000,00000065,external/boringssl/src/crypto/fipsmodule/ecdh/ecdh.c,00000053), ref: 013F7E41
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ecdh/ecdh.c, xrefs: 013F7B34
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ecdh/ecdh.c
                                                                                                                                • API String ID: 1627706831-2483809942
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FBD40
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002F7), ref: 013FBD5C
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FBD51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1627706831-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RSA_up_ref.ADB(?), ref: 013D2D33
                                                                                                                                  • Part of subcall function 01409CB0: CRYPTO_refcount_inc.ADB(?,013D2BC0,?), ref: 01409CB8
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000006B,external/boringssl/src/crypto/evp/evp.c,000000ED), ref: 013D2D4D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D2D42
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_up_refO_refcount_incR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 126871076-3933497650
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_up_ref.ADB(?), ref: 013D2F76
                                                                                                                                  • Part of subcall function 013FD380: CRYPTO_refcount_inc.ADB(?,013D2ED0,?), ref: 013FD388
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000006A,external/boringssl/src/crypto/evp/evp.c,00000125), ref: 013D2F90
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D2F85
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_incR_put_errorY_up_ref
                                                                                                                                • String ID: external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 1874503136-3933497650
                                                                                                                                • Opcode ID: 1cf58e25d8ed24d8accd3cd08e9ac140977e558ec6ad94c36f7f97135e2fed69
                                                                                                                                • Instruction ID: bf2c290f939e372b03322b74cab7b0e6a27938e59c7050b84af1de1f75b236dc
                                                                                                                                • Opcode Fuzzy Hash: 1cf58e25d8ed24d8accd3cd08e9ac140977e558ec6ad94c36f7f97135e2fed69
                                                                                                                                • Instruction Fuzzy Hash: B6E0CD73BC533157D51021087C05F4BA58C9F31F09F0A4499F6097B1D1D6E1AC5441C2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DSA_up_ref.ADB(?), ref: 013D2E53
                                                                                                                                  • Part of subcall function 01514850: CRYPTO_refcount_inc.ADB(?,013D2DB0,?), ref: 01514858
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000006C,external/boringssl/src/crypto/evp/evp.c,00000109), ref: 013D2E6D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D2E62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_up_refO_refcount_incR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 126871076-3933497650
                                                                                                                                • Opcode ID: 0601e15e68a9d72c21281b674251b77a0f940d3962cdb79abf9fea3ebc600f19
                                                                                                                                • Instruction ID: 0fe9dffc6723ed13da7c62ce31c772f4d6e874ee72b5c546411b299ee727d532
                                                                                                                                • Opcode Fuzzy Hash: 0601e15e68a9d72c21281b674251b77a0f940d3962cdb79abf9fea3ebc600f19
                                                                                                                                • Instruction Fuzzy Hash: FCE0C273B81231ABE1116218BC02F5776885B21F04F4B4065F90D7F1D6D2D2ED5282C2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E1522
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E1565
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E155A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 2531206346-589256770
                                                                                                                                • Opcode ID: 4f9760ce823a1ab8c766da0c7e0342a440da688a99b72af7771b50cf4ec1ed67
                                                                                                                                • Instruction ID: fc1d26ec683fc823a6b34a875149260433ca302a9261be797c71a518ed3aabf4
                                                                                                                                • Opcode Fuzzy Hash: 4f9760ce823a1ab8c766da0c7e0342a440da688a99b72af7771b50cf4ec1ed67
                                                                                                                                • Instruction Fuzzy Hash: 5FE0BFF06803115EF7515F15DC2EF427AE06B60B08F8AC098E5096F2E6D7FAC2499B91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E0012
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E004E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E0043
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 2531206346-2228489102
                                                                                                                                • Opcode ID: 2760dcb5e785280fc0029f890af94221743840c95d5db9b5692f4ae9a48d195f
                                                                                                                                • Instruction ID: 3b527c61949f9cb5cc8cdfa03cbf462b41a37d08253e6aa7e2261f01b85fc8c5
                                                                                                                                • Opcode Fuzzy Hash: 2760dcb5e785280fc0029f890af94221743840c95d5db9b5692f4ae9a48d195f
                                                                                                                                • Instruction Fuzzy Hash: 3DE0ECF46803015EF7505F11DC2AF427AD06B20B08F8A80A8E6095F2E2E7FAC5858B95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000010), ref: 013D2912
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 013D2947
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D293C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000025.00000002.754234312.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000025.00000002.754220108.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755360971.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755652144.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755667393.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755750250.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755766339.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755778150.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000025.00000002.755800243.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_37_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 2531206346-3933497650
                                                                                                                                • Opcode ID: 2aec12520fe003f5ec4659bde51b93e1d9a8333d8dd3b9b5d008340f3225c81a
                                                                                                                                • Instruction ID: 56889358058f57cb70d617a2f9cc664a09b72de090389f56525bf4d8495a493e
                                                                                                                                • Opcode Fuzzy Hash: 2aec12520fe003f5ec4659bde51b93e1d9a8333d8dd3b9b5d008340f3225c81a
                                                                                                                                • Instruction Fuzzy Hash: 69C092A2BC031231F86031622D07F9B04581B30F4DF848439BB0ABC0E2E8F1A0E5802A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Executed Functions

                                                                                                                                APIs
                                                                                                                                • OPENSSL_realloc.ADB(?), ref: 013EEC42
                                                                                                                                  • Part of subcall function 01425E20: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,00000001,01424A8E,?,?,?,00000000,?,?,?,015315ED,?,00000000), ref: 01425E3E
                                                                                                                                  • Part of subcall function 01425E20: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,?,00000000), ref: 01425E5C
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EEC6B
                                                                                                                                • BN_mod_exp_mont_consttime.ADB(00000000,?,?,00000000,?,?), ref: 013EEC95
                                                                                                                                • BN_mod_mul_montgomery.ADB(00000000,00000000,?,?,?), ref: 013EECAA
                                                                                                                                • BN_mod_mul_montgomery.ADB(?,?,?,?,?), ref: 013EF0CB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_mod_mul_montgomery$L_reallocN_mod_exp_mont_consttimeX_getmallocmemcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1351940690-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Control-flow graph not preserved: function entry 157cc9e, graph nodes 117-141 (legend: executed / not executed); named calls: DuplicateHandle, abort]
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Control-flow graph not preserved: function entry 157bad4, graph nodes 142-161 (legend: executed / not executed); named calls: calloc, free]
                                                                                                                                APIs
                                                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0157BB0A
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0157BB3F
                                                                                                                                Similarity
                                                                                                                                • API ID: callocfree
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 306872129-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Control-flow graph not preserved: function entry 1425d90, graph nodes 164-167 (legend: executed / not executed); named calls: malloc]
                                                                                                                                APIs
                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                Similarity
                                                                                                                                • API ID: malloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2803490479-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Non-executed Functions

                                                                                                                                Control-flow Graph

                                                                                                                                [Control-flow graph not preserved: function entry 13f1340, graph nodes 216-320 (legend: executed / not executed); named calls: ERR_put_error, OPENSSL_malloc, OPENSSL_free, OPENSSL_cleanse, BN_CTX_get, BN_nnmod, BN_rshift, BN_copy, BN_set_word, BN_cmp, BN_mod_sqr, BN_mod_exp_mont, BN_mod_mul, BN_sub_word]
                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000072,external/boringssl/src/crypto/fipsmodule/bn/sqrt.c,0000005A), ref: 013F1579
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013F1806
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/sqrt.c, xrefs: 013F156E, 013F19FF
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/bn/sqrt.c
                                                                                                                                • API String ID: 1767461275-1578890279
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                [Control-flow graph not preserved: function entry 13fd400, graph nodes 321-363 (legend: executed / not executed); named calls: EC_GROUP_cmp, EC_POINT_cmp, EC_GROUP_free, ERR_put_error, OPENSSL_malloc, OPENSSL_free, sk_pop_free_ex, CRYPTO_refcount_inc, memset]
                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FD421
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002EE), ref: 013FD43D
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000012C), ref: 013FD45A
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013FD4FE
                                                                                                                                • EC_GROUP_cmp.ADB(?,00000000), ref: 013FD545
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002F7), ref: 013FD565
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000078,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000013D), ref: 013FD57D
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013FD595
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FD5A0
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD5A9
                                                                                                                                • EC_GROUP_free.ADB(00000000), ref: 013FD5BB
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD5C4
                                                                                                                                • OPENSSL_malloc.ADB(000000D0), ref: 013FD616
                                                                                                                                • CRYPTO_refcount_inc.ADB(-0000010C), ref: 013FD63A
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,000000CC), ref: 013FD658
                                                                                                                                • EC_POINT_cmp.ADB(?,00000000,00000000), ref: 013FD67E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000071,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000014B), ref: 013FD69E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002A9), ref: 013FD6DC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
• Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
• Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_free$L_mallocP_cmp$ErrorLastO_get_thread_localO_refcount_incP_freeT_cmpmemsetsk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/ec/ec.c$external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 2023990957-1663256894
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_thread_local.ADB(00000000,?,013FCB1D), ref: 014207E3
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,013FCB1D), ref: 014207F8
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142081E
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420845
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 0142086C
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420893
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208BA
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 014208E1
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,013FCB1D), ref: 01420908
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420932
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420968
                                                                                                                                • OPENSSL_free.ADB(?), ref: 0142099E
                                                                                                                                • OPENSSL_free.ADB(?), ref: 014209D4
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420A0A
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420A40
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420A76
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420AAC
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01420AE2
                                                                                                                                • OPENSSL_malloc.ADB(0000010C,013FCB1D), ref: 01420B0F
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,0000010C,?,013FCB1D), ref: 01420B25
                                                                                                                                • CRYPTO_set_thread_local.ADB(00000000,00000000,014217D0,?,?,?,?,013FCB1D), ref: 01420B35
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
• Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
• Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_mallocO_get_thread_localO_set_thread_localmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2159928624-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000042,external/boringssl/src/crypto/fipsmodule/ec/ec.c,0000015D), ref: 013FA8BF
                                                                                                                                • BN_num_bits.ADB(?), ref: 013FA8D8
                                                                                                                                • BN_new.ADB ref: 013FA9BA
                                                                                                                                • BN_lshift1.ADB(00000000,?), ref: 013FA9CB
                                                                                                                                • BN_cmp.ADB(00000000,?), ref: 013FA9E4
                                                                                                                                • EC_POINT_new.ADB(?), ref: 013FA9F1
                                                                                                                                • EC_POINT_copy.ADB(00000000,?), ref: 013FAA03
                                                                                                                                • BN_copy.ADB(?,?), ref: 013FAA1C
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000070,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000179), ref: 013FAA57
                                                                                                                                • EC_POINT_free.ADB(00000000), ref: 013FAA64
                                                                                                                                • BN_free.ADB(00000000), ref: 013FAA6D
                                                                                                                                • BN_MONT_CTX_free.ADB(?), ref: 013FAA89
                                                                                                                                • BN_MONT_CTX_new_for_modulus.ADB(?,00000000), ref: 013FAA94
                                                                                                                                • BN_cmp.ADB(?,?), ref: 013FAAAD
                                                                                                                                • BN_sub.ADB(00000000,?,?), ref: 013FAACA
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(?), ref: 013FAAFA
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
• Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
• Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
• Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
• Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_cmpR_put_error$N_copyN_freeN_lshift1N_newN_num_bitsN_subO_refcount_dec_and_test_zeroT_copyT_freeT_newX_freeX_new_for_modulus
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2732770201-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 013FDD07
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000001AA), ref: 013FDD34
                                                                                                                                • OPENSSL_malloc.ADB(00000058), ref: 013FDD48
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000041,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000005A), ref: 013FDE14
                                                                                                                                • OPENSSL_malloc.ADB(000000D0), ref: 013FDE2D
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FDE4F
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,000000CC), ref: 013FDE68
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FDEA7
                                                                                                                                • EC_GROUP_free.ADB(?), ref: 013FDEBB
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FDEC4
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002A9), ref: 013FDEFA
                                                                                                                                • EC_GROUP_free.ADB ref: 013FDF0A
                                                                                                                                • OPENSSL_free.ADB ref: 013FDF15
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FDF1E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$R_put_error$L_mallocP_free$N_num_bitsO_refcount_incmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c$external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 3985373344-1377655820
                                                                                                                                • Opcode ID: 244f1a790a568851658149ce7b0c42e08dd51928699e4ccda9ed79ff0b5cfb6a
                                                                                                                                • Instruction ID: 95a227f1ba12d069c6b32952ac566688f7b6ee7a1f7779304f839291dc42157f
                                                                                                                                • Opcode Fuzzy Hash: 244f1a790a568851658149ce7b0c42e08dd51928699e4ccda9ed79ff0b5cfb6a
                                                                                                                                • Instruction Fuzzy Hash: 67518DB16403019FE720AF55DC49F577BA4AF20B08F45406DEA095F2A2E3B6E558CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742A2C,013FA4A0), ref: 013FAC65
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_read.ADB(017287C0), ref: 013FACA7
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(017287C0), ref: 013FACBB
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013FACCD
                                                                                                                                • BN_bin2bn.ADB(00000000,00000000,00000000), ref: 013FAD27
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FAF50, 013FAFA1
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013FAF38
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocN_bin2bnO_onceX_lock_readX_unlock_read
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1997066980-4021196227
                                                                                                                                • Opcode ID: b769c867a3bc063e2da75078a0a23a4d923f358e2d1704d979ffd9ec82d6948c
                                                                                                                                • Instruction ID: 46b7302e7cab837e725fd6be81a9d23d42fc44f231e9ad7b5f9d3ffc2169ae4b
                                                                                                                                • Opcode Fuzzy Hash: b769c867a3bc063e2da75078a0a23a4d923f358e2d1704d979ffd9ec82d6948c
                                                                                                                                • Instruction Fuzzy Hash: 294126F5A443055BE720AF56EC42B1BB7A4AFA070CF45402DFE4C2B393E7B1A6158792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/sqrt.c
                                                                                                                                • API String ID: 0-507451178
                                                                                                                                • Opcode ID: 64623941c4ea4df48116d3a350a019603f0c83c05d9da57cfd25f39be9f72b2a
                                                                                                                                • Instruction ID: d10bfab7cef899bd571df2783e7b0c5e5db8a316d29aae84eca1cb795f824905
                                                                                                                                • Opcode Fuzzy Hash: 64623941c4ea4df48116d3a350a019603f0c83c05d9da57cfd25f39be9f72b2a
                                                                                                                                • Instruction Fuzzy Hash: 0761C875604306EFE7209F199C59B2BB7E8AF5075CF49842CFE4A9B281E774D900CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_read.ADB(?,00000000,00000000,-00000020,?,?,013FCEF5,017287C4,00000000,-00000020), ref: 01531757
                                                                                                                                • sk_num.ADB(00000000,-00000020), ref: 01531762
                                                                                                                                • sk_dup.ADB(00000000,?,-00000020), ref: 01531771
                                                                                                                                  • Part of subcall function 01424AF0: OPENSSL_malloc.ADB(00000014,?,-00000020,?,?,01531776,00000000,?,-00000020), ref: 01424B07
                                                                                                                                  • Part of subcall function 01424AF0: OPENSSL_malloc.ADB(00000010,00000000), ref: 01424B3D
                                                                                                                                  • Part of subcall function 01424AF0: OPENSSL_realloc.ADB(?,?,?,00000000), ref: 01424B7B
                                                                                                                                  • Part of subcall function 01424AF0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,?,?,?,00000000), ref: 01424B9C
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(?,?,?,-00000020), ref: 0153177C
                                                                                                                                • ERR_put_error.ADB(0000000E,00000000,00000041,external/boringssl/src/crypto/ex_data.c,000000DD,?,?,?,-00000020), ref: 01531798
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(?,?,-00000020), ref: 015317A6
                                                                                                                                • sk_num.ADB(00000000,?,?,-00000020), ref: 015317B1
                                                                                                                                • sk_num.ADB(00000000,?,?,?,?,?,-00000020), ref: 015317F4
                                                                                                                                • sk_value.ADB(00000000,00000000,?,?,?,-00000020), ref: 01531802
                                                                                                                                • sk_num.ADB(?,?,?,?,?,?,?,?,?,-00000020), ref: 01531827
                                                                                                                                • sk_value.ADB(?,00000000,?,?,?,?,?,?,?,?,?,-00000020), ref: 0153183A
                                                                                                                                • sk_free.ADB(00000000,?,?,?,-00000020), ref: 01531847
                                                                                                                                • sk_free.ADB(?,?,?,?,?,-00000020), ref: 01531855
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/ex_data.c, xrefs: 0153178D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: sk_num$L_mallocX_unlock_readsk_freesk_value$ErrorL_freeL_reallocLastO_get_thread_localR_put_errorX_lock_readmemcpysk_dup
                                                                                                                                • String ID: external/boringssl/src/crypto/ex_data.c
                                                                                                                                • API String ID: 3155809445-3791220694
                                                                                                                                • Opcode ID: 9e89985a740a6a4b3485c2eb9c48daac47fad4f64077639aa0166b80582319b7
                                                                                                                                • Instruction ID: ed8f35ebef78fa5f23da116015619cd096f5ed3814afb50b5a7286efd986dfd8
                                                                                                                                • Opcode Fuzzy Hash: 9e89985a740a6a4b3485c2eb9c48daac47fad4f64077639aa0166b80582319b7
                                                                                                                                • Instruction Fuzzy Hash: AA313BF19006116BE6116A36ECC1B1B7BD4FFB4188F0C0439FA8A5B562F671E990C7A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 0140905C
                                                                                                                                • BN_num_bits.ADB(?), ref: 01409080
                                                                                                                                • OPENSSL_malloc.ADB(-00000007), ref: 01409107
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_malloc.ADB(31000000), ref: 01408B49
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_free.ADB(?), ref: 01408B5F
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_cleanse.ADB(?,?), ref: 01408BC3
                                                                                                                                  • Part of subcall function 01408AF0: OPENSSL_cleanse.ADB(?,?), ref: 01408C19
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000071,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,00000212), ref: 01409285
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 01409292
                                                                                                                                • OPENSSL_free.ADB(?), ref: 0140929E
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000008B,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,0000022D), ref: 014092D8
                                                                                                                                • EVP_DigestInit_ex.ADB(?,?), ref: 014092EF
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 0140935E
                                                                                                                                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 01409374
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000069,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,0000023C), ref: 01409390
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_cleanseL_freeR_put_error$L_mallocN_num_bits$DigestInit_exmallocmemcmp
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/padding.c
                                                                                                                                • API String ID: 1640542325-2078984126
                                                                                                                                • Opcode ID: 4317834853063860acd16ed143f69ff5f13cc2d3df5ce3263f1d10a180a4c1c1
                                                                                                                                • Instruction ID: d8844c9a5c9cd5ece27b57a2c7fe78ab9db6cdc6731def3b4dc524ca50bf5911
                                                                                                                                • Opcode Fuzzy Hash: 4317834853063860acd16ed143f69ff5f13cc2d3df5ce3263f1d10a180a4c1c1
                                                                                                                                • Instruction Fuzzy Hash: BFB11771A083019BD7118F2ACC41A6BB7E5BFD4318F044A2EFA99672E3D771E945C782
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(831051FF), ref: 01402909
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01402920
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 0140296D
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 0140298A
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000080), ref: 014029AF
                                                                                                                                • OPENSSL_malloc.ADB(831051FF), ref: 01402A46
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01402A5B
                                                                                                                                • OPENSSL_malloc.ADB(831051FF), ref: 01402B17
                                                                                                                                • OPENSSL_free.ADB(?), ref: 01402B28
                                                                                                                                • EVP_MD_CTX_copy_ex.ADB(?,?), ref: 01402B5F
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 01402B82
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 01402B77
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_malloc$L_cleanseR_put_errorX_copy_exmemcpymemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 3437616834-820803757
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_BUFFER_len.ADB(?), ref: 013D58CB
                                                                                                                                • ASN1_item_new.ADB(?), ref: 013D58DC
                                                                                                                                • CRYPTO_BUFFER_data.ADB(?), ref: 013D58F5
                                                                                                                                • CRYPTO_BUFFER_len.ADB(?), ref: 013D5905
                                                                                                                                • ASN1_item_d2i.ADB(?,?,00000000,?), ref: 013D591B
                                                                                                                                • CRYPTO_BUFFER_data.ADB(?), ref: 013D592E
                                                                                                                                • CRYPTO_BUFFER_len.ADB(?), ref: 013D5939
                                                                                                                                • CRYPTO_BUFFER_up_ref.ADB(?), ref: 013D5946
                                                                                                                                  • Part of subcall function 01521F30: CRYPTO_refcount_inc.ADB(?,013D594B,?), ref: 01521F38
                                                                                                                                • ERR_put_error.ADB(00000010,00000000,00000045,external/boringssl/src/crypto/x509/x_x509.c,0000009C), ref: 013D5963
                                                                                                                                • ASN1_item_free.ADB(?,?), ref: 013D5976
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/x509/x_x509.c, xrefs: 013D5958
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_len$R_data$N1_item_d2iN1_item_freeN1_item_newO_refcount_incR_put_errorR_up_ref
                                                                                                                                • String ID: external/boringssl/src/crypto/x509/x_x509.c
                                                                                                                                • API String ID: 1886072032-1906900934
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000060,?,?,?,014097F7,00000000), ref: 01409805
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ENGINE_get_RSA_method.ADB(?), ref: 014098C9
                                                                                                                                • CRYPTO_once.ADB(01742B50,0140DD00), ref: 014098E1
                                                                                                                                • CRYPTO_MUTEX_init.ADB(00000030,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01409910
                                                                                                                                • CRYPTO_new_ex_data.ADB(-00000024), ref: 0140991C
                                                                                                                                • CRYPTO_free_ex_data.ADB(017287D0,00000000,-00000024), ref: 0140993E
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140995A
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000041,external/boringssl/src/crypto/fipsmodule/rsa/rsa.c,0000005A), ref: 01409971
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/rsa.c, xrefs: 01409966
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_methodE_get_L_freeL_mallocO_free_ex_dataO_new_ex_dataO_onceR_put_errorX_initmalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/rsa.c
                                                                                                                                • API String ID: 559418064-3754478375
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(0000000C,?,?,013D59D5,017287B4,?,?,?,?), ref: 015315A4
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_write.ADB(?), ref: 015315CB
                                                                                                                                • sk_new_null.ADB ref: 015315DA
                                                                                                                                  • Part of subcall function 014244E0: OPENSSL_malloc.ADB(00000014,00000000,015315DF), ref: 014244E3
                                                                                                                                  • Part of subcall function 014244E0: OPENSSL_malloc.ADB(00000010), ref: 01424515
                                                                                                                                • sk_push.ADB(?,00000000), ref: 015315E8
                                                                                                                                • sk_num.ADB(?), ref: 015315FB
                                                                                                                                • ERR_put_error.ADB(0000000E,00000000,00000041,external/boringssl/src/crypto/ex_data.c,0000008A), ref: 01531624
                                                                                                                                • ERR_put_error.ADB(0000000E,00000000,00000041,external/boringssl/src/crypto/ex_data.c,0000009A), ref: 01531640
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 01531649
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_write.ADB(?), ref: 01531654
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_malloc$R_put_error$L_freeX_lock_writeX_unlock_writemallocsk_new_nullsk_numsk_push
                                                                                                                                • String ID: external/boringssl/src/crypto/ex_data.c
                                                                                                                                • API String ID: 764249877-3791220694
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000010), ref: 013D31E4
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 013D3249
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000007D,external/boringssl/src/crypto/evp/evp.c,00000175), ref: 013D32B1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000080,external/boringssl/src/crypto/evp/evp.c,00000147), ref: 013D32CE
                                                                                                                                • ERR_add_error_dataf.ADB(algorithm %d,?), ref: 013D32DC
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(00000000), ref: 013D32E5
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013D3316
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_freeL_mallocO_refcount_dec_and_test_zeroR_add_error_datafmalloc
                                                                                                                                • String ID: algorithm %d$external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 143220537-1871829391
                                                                                                                                • Opcode ID: eef742f1c722dff45d1bab6f45b035bc85333bd43869000fc2b50c4db3a8a7c0
                                                                                                                                • Instruction ID: aa6d49b34858c4223b767ca88bf92770dadf41f7fb0b2267fe3095bae4e763f0
                                                                                                                                • Opcode Fuzzy Hash: eef742f1c722dff45d1bab6f45b035bc85333bd43869000fc2b50c4db3a8a7c0
                                                                                                                                • Instruction Fuzzy Hash: F431E4F2B80311ABFB219A1DEC05F5B3AA47B50718F058029F6099B2A1DBB1E845C753
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000010), ref: 013D3094
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 013D30F9
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000007D,external/boringssl/src/crypto/evp/evp.c,0000015D), ref: 013D3161
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000080,external/boringssl/src/crypto/evp/evp.c,00000147), ref: 013D317E
                                                                                                                                • ERR_add_error_dataf.ADB(algorithm %d,?), ref: 013D318C
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(00000000), ref: 013D3195
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013D31C6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_freeL_mallocO_refcount_dec_and_test_zeroR_add_error_datafmalloc
                                                                                                                                • String ID: algorithm %d$external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 143220537-1871829391
                                                                                                                                • Opcode ID: 65c212268d5472e3ffa80e5eeef3e85ab1b51456aa34d0d03bc04fb36ccbbe0b
                                                                                                                                • Instruction ID: 890526a46eb66481486de485202f2663d605162f529862841655ced7ae276caf
                                                                                                                                • Opcode Fuzzy Hash: 65c212268d5472e3ffa80e5eeef3e85ab1b51456aa34d0d03bc04fb36ccbbe0b
                                                                                                                                • Instruction Fuzzy Hash: 5531E6F27843125BE721AA2AFC06F5B3AB47B50708F058029F60A5B2E1D7B5E951C753
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_new_method.ADB(00000000), ref: 013FD04E
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_malloc.ADB(00000024,?,?,013FCE37,00000000), ref: 013FCE44
                                                                                                                                  • Part of subcall function 013FCE40: ENGINE_get_ECDSA_method.ADB(?,?,?,?,?,?,?,?,00000000), ref: 013FCE9F
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_new_ex_data.ADB(-00000020,?,?,?,?,?,?,?,00000000), ref: 013FCEC9
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_free_ex_data.ADB(017287C4,00000000,-00000020), ref: 013FCEF0
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_free.ADB(00000000), ref: 013FCF09
                                                                                                                                • EC_GROUP_cmp.ADB(00000000), ref: 013FD073
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000082,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000DE), ref: 013FD092
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000B7), ref: 013FD0AC
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FD0C5
                                                                                                                                • EC_KEY_set_public_key.ADB(00000000,?), ref: 013FD0D8
                                                                                                                                • EC_KEY_set_private_key.ADB(00000000,?), ref: 013FD0ED
                                                                                                                                • EC_KEY_free.ADB(00000000), ref: 013FD10A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$A_methodE_get_ErrorL_mallocLastO_free_ex_dataO_get_thread_localO_new_ex_dataO_refcount_incP_cmpY_freeY_new_methodY_set_private_keyY_set_public_key
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 1171521352-3769350328
                                                                                                                                • Opcode ID: cf9aee4fc735ef5065af9705ca612d8b6e04ff36d6511aa9c55d9250db93095f
                                                                                                                                • Instruction ID: fa3ecfb3c04a5f3e660bf396736444914d644a135540757842101ab716877760
                                                                                                                                • Opcode Fuzzy Hash: cf9aee4fc735ef5065af9705ca612d8b6e04ff36d6511aa9c55d9250db93095f
                                                                                                                                • Instruction Fuzzy Hash: E4218AB574030767FA606EA9AC49F27779C6B20A4CF08003DEF09DB281F661E51586B2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_once.ADB(01742954,013F7810), ref: 01408813
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,0000007E,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,00000155), ref: 01408873
                                                                                                                                • EVP_Digest.ADB(?,?,?,00000000,?), ref: 014088AA
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 014088DB
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 0140891B
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 01408947
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DigestL_mallocO_onceR_put_errormemcpymemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/padding.c
                                                                                                                                • API String ID: 1073310367-2078984126
                                                                                                                                • Opcode ID: 935fbcfb0464c92dbde196ce604ed21ecca5cfbd4bfe6c8000aa656e114f1fd2
                                                                                                                                • Instruction ID: d3e8c16a3c1d0347fba7d002f0028efa8b2400dd9c50a70d65233e0600ddf7ab
                                                                                                                                • Opcode Fuzzy Hash: 935fbcfb0464c92dbde196ce604ed21ecca5cfbd4bfe6c8000aa656e114f1fd2
                                                                                                                                • Instruction Fuzzy Hash: 5E91E631E083429BD715CF29D941A6BB7E1BFD4204F048A3DF99997392E730E985CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE96E
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000009C), ref: 013E1638
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE979
                                                                                                                                  • Part of subcall function 013E1610: sk_new_null.ADB ref: 013E164F
                                                                                                                                  • Part of subcall function 013E1610: sk_num.ADB ref: 013E1662
                                                                                                                                  • Part of subcall function 013E1610: OPENSSL_malloc.ADB(00000014), ref: 013E1670
                                                                                                                                  • Part of subcall function 013E1610: sk_push.ADB(?,00000000), ref: 013E16A3
                                                                                                                                  • Part of subcall function 013E1610: sk_value.ADB(?,?), ref: 013E16B4
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,000000AE), ref: 013E1727
                                                                                                                                  • Part of subcall function 013E1610: OPENSSL_free.ADB(00000000), ref: 013E1738
                                                                                                                                  • Part of subcall function 013E1610: OPENSSL_free.ADB(00000000), ref: 013E1750
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE985
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E16DE
                                                                                                                                  • Part of subcall function 013E1610: ERR_put_error.ADB(00000003,00000000,00000074,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,000000AE), ref: 013E1704
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013EE991
                                                                                                                                • CRYPTO_once.ADB(017423C0,013E02A0), ref: 013EE9D3
                                                                                                                                  • Part of subcall function 013DFC20: ERR_put_error.ADB(00000003,00000000,00000064,external/boringssl/src/crypto/fipsmodule/bn/add.c,000000FB,?,?,?,?,?,?,?,?), ref: 013DFD53
                                                                                                                                • BN_count_low_zero_bits.ADB ref: 013EE9F9
                                                                                                                                • bn_rshift_secret_shift.ADB(00000000,?,00000000,?), ref: 013EEA0A
                                                                                                                                • BN_num_bits.ADB ref: 013EEA1D
                                                                                                                                • BN_from_montgomery.ADB(00000000,?,?,?), ref: 013EEA44
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$X_get$L_free$L_mallocN_count_low_zero_bitsN_from_montgomeryN_num_bitsO_oncebn_rshift_secret_shiftsk_new_nullsk_numsk_pushsk_value
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2418275391-0
                                                                                                                                • Opcode ID: c77c0afc1dea5c82b3898ac75d1e685419dfe314ec022a940d0a80db95b1e1a0
                                                                                                                                • Instruction ID: 7131d268a9f5c2cf1230fdfb6e870a4dcb4a120e00bcc85241e6d30514f819b5
                                                                                                                                • Opcode Fuzzy Hash: c77c0afc1dea5c82b3898ac75d1e685419dfe314ec022a940d0a80db95b1e1a0
                                                                                                                                • Instruction Fuzzy Hash: 284161B55003129FFB14DF19E848A27BBE9FB54208F04443CE95A87391E731E955CB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(00000000,00000000,?,013FCF59,00000000), ref: 013FCF92
                                                                                                                                • EC_GROUP_free.ADB(?,00000000), ref: 013FCFC0
                                                                                                                                • EC_GROUP_free.ADB(?,?,00000000), ref: 013FCFD1
                                                                                                                                • OPENSSL_free.ADB(?,?,?,00000000), ref: 013FCFDA
                                                                                                                                • OPENSSL_free.ADB(?,?,00000000), ref: 013FCFE5
                                                                                                                                • OPENSSL_free.ADB(00000000,?,?,00000000), ref: 013FCFFD
                                                                                                                                • OPENSSL_free.ADB(00000000,?,?,00000000), ref: 013FD018
                                                                                                                                • CRYPTO_free_ex_data.ADB(017287C4,?,?,?,?,00000000), ref: 013FD02A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$P_free$O_free_ex_dataO_refcount_dec_and_test_zero
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1527703775-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                • OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                • OPENSSL_malloc.ADB(0000010C,00000054), ref: 0142108F
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,0000010C,?,00000054), ref: 014210A5
                                                                                                                                • CRYPTO_set_thread_local.ADB(00000000,00000000,014217D0,?,?,?,?,00000054), ref: 014210B5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorL_freeL_mallocLastO_get_thread_localO_set_thread_localmemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1895369166-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(000000D0,00000000,?,013FA9F6,?), ref: 013FAB2F
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • CRYPTO_refcount_inc.ADB(?,?), ref: 013FAB4A
                                                                                                                                  • Part of subcall function 015146B0: CRYPTO_STATIC_MUTEX_lock_write.ADB(01728998,?,013D29A9,?), ref: 015146BA
                                                                                                                                  • Part of subcall function 015146B0: CRYPTO_STATIC_MUTEX_unlock_write.ADB(01728998), ref: 015146D1
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(-00000004,00000000,000000CC,?), ref: 013FAB61
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002A9,00000000,?,013FA9F6,?), ref: 013FAB89
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocO_refcount_incR_put_errorX_lock_writeX_unlock_writemallocmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 1736670572-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(?), ref: 014099BE
                                                                                                                                • CRYPTO_free_ex_data.ADB(017287D0,?,?), ref: 014099EE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_free_ex_dataO_refcount_dec_and_test_zero
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 471459411-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_STATIC_MUTEX_lock_read.ADB(017289D4,?,?,013D5C4E,?), ref: 01531D9B
                                                                                                                                • lh_retrieve.ADB(00000000,?,01532670,01532680), ref: 01531DB8
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(017289D4), ref: 01531DCB
                                                                                                                                • CRYPTO_STATIC_MUTEX_unlock_read.ADB(017289D4), ref: 01531DDD
                                                                                                                                • bsearch.API-MS-WIN-CRT-UTILITY-L1-1-0(?,016ABD88,00000370,00000002,01531E20), ref: 01531DF7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_unlock_read$X_lock_readbsearchlh_retrieve
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2407667304-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CRYPTO_refcount_dec_and_test_zero.ADB(013FA8E5,00000000,013FA7D9,00000000), ref: 013FA818
                                                                                                                                • OPENSSL_free.ADB(689066CE,00000000), ref: 013FA83B
                                                                                                                                • OPENSSL_free.ADB(014007D0,00000000), ref: 013FA84D
                                                                                                                                • OPENSSL_free.ADB(013FA7E1,00000000), ref: 013FA868
                                                                                                                                • BN_MONT_CTX_free.ADB(0000841F,?,00000000), ref: 013FA873
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$O_refcount_dec_and_test_zeroX_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1852816247-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(00000000,?), ref: 013FD95B
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000077,external/boringssl/src/crypto/fipsmodule/ec/oct.c,00000057), ref: 013FD977
                                                                                                                                • BN_num_bits.ADB(-00000024), ref: 013FDA2D
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_num_bitsP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/oct.c
                                                                                                                                • API String ID: 1287074226-1227443160
                                                                                                                                • Opcode ID: 463972cc686b4b5aac5f02c25f53e7323baa7b2d9413cf079cfffe98433f861e
                                                                                                                                • Instruction ID: 971e922f4dfe54664079fb367dc6e64400b9506678cb5a54f8cc9db19edb2b3e
                                                                                                                                • Opcode Fuzzy Hash: 463972cc686b4b5aac5f02c25f53e7323baa7b2d9413cf079cfffe98433f861e
                                                                                                                                • Instruction Fuzzy Hash: 3CA14771D2979246EB128A7CCC46766B791AFE7288F04C71EFEE4B2293F770D1808641
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000069,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000000A5), ref: 013EB983
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013EB9D1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errormemcpy
                                                                                                                                • String ID: @$external/boringssl/src/crypto/fipsmodule/bn/montgomery.c
                                                                                                                                • API String ID: 1385177007-3702601206
                                                                                                                                • Opcode ID: 0b6723cdd1920bb46d6a4b17f49ad82e3f26c60fac094d4cab9adf4ede296272
                                                                                                                                • Instruction ID: 3075ccd31f2e0d6a91061f16806e2438cb2af0b7d0a1a25389415a14aa614694
                                                                                                                                • Opcode Fuzzy Hash: 0b6723cdd1920bb46d6a4b17f49ad82e3f26c60fac094d4cab9adf4ede296272
                                                                                                                                • Instruction Fuzzy Hash: 6E51267160432A8FE7128F28DC86B65F7D5BF91308F18822DF949AB2C9E7759951C780
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(0000000C,?,?,014217D0,?,?,?,?,00000054), ref: 0153299C
                                                                                                                                • OPENSSL_free.ADB(00000000,?,?,?,?,?,014217D0), ref: 015329D2
                                                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,014217D0,?,?,?,?,00000054), ref: 015329E7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocabort
                                                                                                                                • String ID: 8q
                                                                                                                                • API String ID: 3740224953-4039321976
                                                                                                                                • Opcode ID: 848aefbe3468c044f397d9a7aa7286dc20cc0a0da8d508f9d6bfe77e7ca31cd2
                                                                                                                                • Instruction ID: d9445ab981fc69363b786e681f9d5a792757b5093598d78ce3b9c20999258a94
                                                                                                                                • Opcode Fuzzy Hash: 848aefbe3468c044f397d9a7aa7286dc20cc0a0da8d508f9d6bfe77e7ca31cd2
                                                                                                                                • Instruction Fuzzy Hash: 2131FBB66007025BE7206B59BC02B6B7B94FFA0594F44403AED485B212E773E465C3A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FD135
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000082,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,000000DE), ref: 013FD154
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                • CRYPTO_refcount_inc.ADB(?), ref: 013FD171
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec_key.c, xrefs: 013FD146
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorL_freeLastO_get_thread_localO_refcount_incP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 314022280-3769350328
                                                                                                                                • Opcode ID: eeec56a6a31f528bc9bad4f1b56812f03320474bec408146aa35544f95fed33e
                                                                                                                                • Instruction ID: 707553b0c95c61a938931396177d4d0e5e57912977310898a5af5b819f90e1ec
                                                                                                                                • Opcode Fuzzy Hash: eeec56a6a31f528bc9bad4f1b56812f03320474bec408146aa35544f95fed33e
                                                                                                                                • Instruction Fuzzy Hash: 71F02BB1A0031377E77065AC6C09B13779C6F10B18F04492DFE0197284E6A4E44486E1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DES_encrypt3.ADB(?,?,?,?), ref: 013F6D7E
                                                                                                                                • DES_encrypt3.ADB(?,?,?,00000000), ref: 013F6E6B
                                                                                                                                • DES_decrypt3.ADB(?,?,?,?), ref: 013F6EE8
                                                                                                                                • DES_decrypt3.ADB(00000000,?,?,?), ref: 013F6F95
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: S_decrypt3S_encrypt3
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3533206369-0
                                                                                                                                • Opcode ID: f109d3383c8840b9d671c8d57b054c35a8c2aabcc73823f1854ea65ae7830786
                                                                                                                                • Instruction ID: 7be7ac740d7b7e0242f6f2e0b46b497ba10c475384e8093144e8c4e700b6c038
                                                                                                                                • Opcode Fuzzy Hash: f109d3383c8840b9d671c8d57b054c35a8c2aabcc73823f1854ea65ae7830786
                                                                                                                                • Instruction Fuzzy Hash: 69C13871609786DFC705CF1CC88055AFFE1AFA9204F49CA9DE9D89B352C231E815CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_mod_pow2.ADB(?,?,?), ref: 013E4543
                                                                                                                                  • Part of subcall function 013E4420: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000000), ref: 013E4472
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013E461A
                                                                                                                                • CRYPTO_once.ADB(017423C0,013E02A0), ref: 013E4698
                                                                                                                                • BN_add.ADB(?,?,017423C4), ref: 013E46A7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_addN_mod_pow2O_oncememcpymemset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1832626755-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?), ref: 013F33AC
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/cipher.c, xrefs: 013F33D4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/cipher.c
                                                                                                                                • API String ID: 2221118986-705831790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 410 13efde0-13efdf0 411 13efe02-13efe1a ERR_put_error 410->411 412 13efdf2-13efdfa 410->412 414 13efe1c-13efe25 411->414 412->411 413 13efdfc-13efe00 412->413 413->411 415 13efe26-13efef1 413->415 415->411 417 13efef7-13effdd BN_CTX_get 415->417 420 13f05b7 417->420 421 13effe3-13f0029 417->421 422 13f05b9 420->422 421->420 424 13f002f-13f003c BN_sub_word 421->424 425 13f05bb-13f05c8 BN_MONT_CTX_free 422->425 424->420 426 13f0042-13f0047 424->426 425->414 427 13f05ce-13f05e1 425->427 428 13f0051-13f0058 426->428 427->414 429 13f005a-13f0062 428->429 430 13f0050 428->430 429->430 431 13f0064-13f006f BN_CTX_get 429->431 430->428 431->420 432 13f0075-13f0086 BN_rshift 431->432 432->420 433 13f008c-13f00d1 BN_CTX_get * 5 432->433 433->422 434 13f00d7-13f00dd 433->434 434->422 435 13f00e3-13f00e8 434->435 435->422 436 13f00ee-13f00f3 435->436 436->422 437 13f00f9-13f0104 436->437 437->425 438 13f010a-13f011d BN_MONT_CTX_new_for_modulus 437->438 438->420 439 13f0123-13f012a 438->439 440 13f05a6-13f05b5 439->440 441 13f0130-13f014e call 13df4e0 439->441 440->425 444 13f0154-13f0170 call 13f09a0 441->444 445 13f0691-13f0694 441->445 444->445 448 13f0176-13f01a9 call 13e8c20 444->448 445->425 448->445 451 13f01af-13f01c3 BN_lshift 448->451 451->445 452 13f01c9-13f02e6 BN_mod_exp_mont 451->452 454 13f068d 452->454 455 13f02ec-13f02f3 452->455 454->445 456 13f02f9-13f032a 455->456 457 13f04b8-13f04bd 455->457 456->457 459 13f05ef-13f05ff BN_copy 456->459 457->440 457->456 459->445 460 13f0605-13f0617 BN_mod_mul 459->460 460->445 461 13f0619-13f0624 BN_is_one 460->461 461->454
                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000077,external/boringssl/src/crypto/fipsmodule/bn/prime.c,0000031E), ref: 013EFE12
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/prime.c, xrefs: 013EFE07
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/prime.c
                                                                                                                                • API String ID: 1767461275-1767484530
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmp
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/oct.c
                                                                                                                                • API String ID: 2811770509-1227443160
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_realloc.ADB(00000000,?), ref: 013E316A
                                                                                                                                  • Part of subcall function 01425E20: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,00000001,01424A8E,?,?,?,00000000,?,?,?,015315ED,?,00000000), ref: 01425E3E
                                                                                                                                  • Part of subcall function 01425E20: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(-00000008,?,?,00000000), ref: 01425E5C
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E31AB
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E320F
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E32CC
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000), ref: 013E330F
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E333E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E339D
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E345C
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000), ref: 013E3499
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E34BD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_getmemcpy$R_put_errormemset$L_reallocmalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 4103621695-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_ucmp.ADB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 013E79B1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006B,external/boringssl/src/crypto/fipsmodule/bn/gcd_extra.c,000000AD), ref: 013E79CD
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/gcd_extra.c, xrefs: 013E79C2, 013E7A9D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_ucmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/gcd_extra.c
                                                                                                                                • API String ID: 957535991-1233777809
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC887
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000374), ref: 013FC8B1
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC8D1
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013FC8EE
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,000000CC), ref: 013FCAA2
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013FCAC2
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013FCACD
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FCAD6
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC898, 013FC8A6
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013FCA85
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeP_cmp$L_mallocR_put_errormemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c$external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 4285960366-4021196227
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018,?), ref: 013EDCAC
                                                                                                                                • OPENSSL_realloc.ADB(00000000,00000080), ref: 013EDCEA
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013EDD11
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocL_realloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 2647832653-589256770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000004), ref: 013E6CAA
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E6CBA
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,0000016D), ref: 013E6CF4
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000044,external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c,000004D7), ref: 013E6D0C
                                                                                                                                • BN_mod_exp_mont.ADB(?,?,?,?,?,?), ref: 013E6D43
                                                                                                                                • OPENSSL_free.ADB ref: 013E6D58
                                                                                                                                • OPENSSL_free.ADB ref: 013E6D74
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c, xrefs: 013E6D01
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E6CE9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$R_put_error$L_mallocN_mod_exp_mont
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c
                                                                                                                                • API String ID: 702607669-79529261
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_mod_exp_mont.ADB(00000000,00000000,00000000,?,00000000,00000000), ref: 013E6DD2
                                                                                                                                  • Part of subcall function 013E5290: ERR_put_error.ADB(00000003,00000000,00000068,external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c,0000024E), ref: 013E52FF
                                                                                                                                • BN_mod_exp_mont.ADB(?,00000000,00000000,?,00000000,00000000), ref: 013E6DEC
                                                                                                                                • BN_mod_mul_montgomery.ADB(00000000,00000000,00000000,00000000,00000000), ref: 013E6E00
                                                                                                                                  • Part of subcall function 013E5A20: ERR_put_error.ADB(00000003,00000000,0000006D,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000001A4,00000000,?,00000000,?,013E556E,00000000,00000000,?,?,?), ref: 013E5A48
                                                                                                                                • BN_mod_mul_montgomery.ADB(00000000,00000000,?,00000000,00000000), ref: 013E6E15
                                                                                                                                • OPENSSL_malloc.ADB(00000030), ref: 013E6E3C
                                                                                                                                • BN_MONT_CTX_set.ADB(00000000,?,?), ref: 013E6EAA
                                                                                                                                • BN_MONT_CTX_free.ADB(00000000), ref: 013E6EC4
                                                                                                                                • BN_MONT_CTX_free.ADB(00000000), ref: 013E6ECF
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E6EE3
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E6EF8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeN_mod_exp_montN_mod_mul_montgomeryR_put_errorX_free$L_mallocX_set
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 675819701-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000068,external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c,00000392), ref: 013E650F
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c, xrefs: 013E64C7, 013E6504
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/exponentiation.c
                                                                                                                                • API String ID: 1767461275-3419384422
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC3C1
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC405
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002F7), ref: 013FC421
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FC44E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FC460
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FC478
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000078,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000332), ref: 013FC490
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$P_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 900039384-1759677748
                                                                                                                                • Opcode ID: 014b62e3a03ae7376509a87a64a8acfc7dc7cbea89eccf926893fc8fc5df701b
                                                                                                                                • Instruction ID: c7a9cfb866cd01e9688242d1d21a25f24119d650907950c2d0836508bf7f24c5
                                                                                                                                • Opcode Fuzzy Hash: 014b62e3a03ae7376509a87a64a8acfc7dc7cbea89eccf926893fc8fc5df701b
                                                                                                                                • Instruction Fuzzy Hash: 68212EF6BC02067BF6216529AC46F3B725CAF60B4CF04043CFB09725C1F6A5E51986A3
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_check_key.ADB(?), ref: 013FD71D
                                                                                                                                • ECDSA_do_sign.ADB(?,00000010,?), ref: 013FD742
                                                                                                                                • ECDSA_do_verify.ADB(00000010,00000010,00000000,?), ref: 013FD759
                                                                                                                                • ECDSA_SIG_free.ADB(00000000), ref: 013FD764
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000084,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000015A), ref: 013FD78A
                                                                                                                                • ECDSA_SIG_free.ADB(00000000), ref: 013FD798
                                                                                                                                  • Part of subcall function 013F8D50: OPENSSL_free.ADB(?,00000000,?,013F8D40,00000000), ref: 013F8D69
                                                                                                                                  • Part of subcall function 013F8D50: OPENSSL_free.ADB(00000000,00000000,?,013F8D40,00000000), ref: 013F8D9C
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000084,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000016C), ref: 013FD7B3
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$G_freeR_put_error$A_do_signA_do_verifyErrorLastO_get_thread_localY_check_key
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 773954367-3769350328
                                                                                                                                • Opcode ID: 21d3f9d5398538c94919749e5f2e3a9cd176776e4c8dee6f36b30e9d2fe5757a
                                                                                                                                • Instruction ID: 62bb3c60bb9177eff716727503d0931d17051480028d95b21651b7e66fc3808b
                                                                                                                                • Opcode Fuzzy Hash: 21d3f9d5398538c94919749e5f2e3a9cd176776e4c8dee6f36b30e9d2fe5757a
                                                                                                                                • Instruction Fuzzy Hash: 9C112BA1F4034523FB1029A95C4AF67325C5F20B2CF040539BF055E2C6F5A1D95481E2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_num_bits.ADB(?), ref: 01409490
                                                                                                                                • ERR_put_error.ADB(00000004,00000000,00000078,external/boringssl/src/crypto/fipsmodule/rsa/padding.c,00000259), ref: 01409530
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 0140953D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/rsa/padding.c, xrefs: 014094B8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeN_num_bitsR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/rsa/padding.c
                                                                                                                                • API String ID: 3956408723-2078984126
                                                                                                                                • Opcode ID: 662745a2668afe9d5d4482028a418bcf02b3b43dbd0ba15d0dd7fa20f41491a8
                                                                                                                                • Instruction ID: 2505e8a4162a53306037fefb434c07c2c85dcec325d4b3ae62907babedd7ac01
                                                                                                                                • Opcode Fuzzy Hash: 662745a2668afe9d5d4482028a418bcf02b3b43dbd0ba15d0dd7fa20f41491a8
                                                                                                                                • Instruction Fuzzy Hash: F851A272A043119FD701CF1AD885A5BBBA4BFC8218F45462DF98997352D731E901CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/div.c, xrefs: 013E18F3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/div.c
                                                                                                                                • API String ID: 0-970073626
                                                                                                                                • Opcode ID: dfe2d1895025567e03b76c02f8ebf9a91869e94c9e5844ee114c6ef0b36c8f76
                                                                                                                                • Instruction ID: c3114af9843e850c2774e129f051b48c400777de80cbaf479225861c9fdb80a5
                                                                                                                                • Opcode Fuzzy Hash: dfe2d1895025567e03b76c02f8ebf9a91869e94c9e5844ee114c6ef0b36c8f76
                                                                                                                                • Instruction Fuzzy Hash: 15313671B043229FE7109F28C848B2BBBE5AF9425CF18452CE999873C1E330E841CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E3F66
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?), ref: 013E3FCC
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E3FEF
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013E4039
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E4044
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E404D
                                                                                                                                  • Part of subcall function 013DF4E0: ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E3FE4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$L_mallocmallocmemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 3003662701-589256770
                                                                                                                                • Opcode ID: ca8d965d56bd711705e9bac5c1a2ec7315912deec23d80c95081239dc02c9425
                                                                                                                                • Instruction ID: 13d37f49dcad356e0779e20166775d8ef8ca5540093fbdb379950cbb6bb7b7f9
                                                                                                                                • Opcode Fuzzy Hash: ca8d965d56bd711705e9bac5c1a2ec7315912deec23d80c95081239dc02c9425
                                                                                                                                • Instruction Fuzzy Hash: E321D6B56003116BE7116F19EC49F27BBE8AFA434CF098038E9099B2D2E776D915C7A1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_ucmp.ADB(?,013FC414,?), ref: 013FC4C9
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000043,external/boringssl/src/crypto/fipsmodule/ec/simple.c,000000C6,?,?,?,?,013FC3F0,?,?,?,?), ref: 013FC4F0
                                                                                                                                • BN_ucmp.ADB(?,013FC414), ref: 013FC523
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000065,external/boringssl/src/crypto/fipsmodule/ec/felem.c,0000001B), ref: 013FC53C
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,013FC2DC,00000044), ref: 013FC56C
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/simple.c, xrefs: 013FC4E5
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/felem.c, xrefs: 013FC4D7, 013FC531
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_ucmpR_put_error$memcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/felem.c$external/boringssl/src/crypto/fipsmodule/ec/simple.c
                                                                                                                                • API String ID: 882918445-3861758021
                                                                                                                                • Opcode ID: fdde8057ab67b63ac752763fd84d5d6a51753a02163ce8b088b034c90def0992
                                                                                                                                • Instruction ID: 6cd9e8b58a6b10f3691c081755c5036729f1846b6e25853629a7f0e182cef903
                                                                                                                                • Opcode Fuzzy Hash: fdde8057ab67b63ac752763fd84d5d6a51753a02163ce8b088b034c90def0992
                                                                                                                                • Instruction Fuzzy Hash: 1B214571AC030EABE6319A159C45F3776ACAB00B4CF05502DFB09771C2E3A5E514C6B2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000008), ref: 013F8C83
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013F8C99
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013F8CD6
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013F8CE4
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013F8D2B
                                                                                                                                • ECDSA_SIG_free.ADB(00000000), ref: 013F8D3B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_malloc$R_put_error$G_freemalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-224), ref: 013FB94B
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-256), ref: 013FB95D
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-384), ref: 013FB96F
                                                                                                                                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,P-521), ref: 013FB981
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: strcmp
                                                                                                                                • String ID: P-224$P-256$P-384$P-521
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E4816
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E4821
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E4873
                                                                                                                                • OPENSSL_realloc.ADB(?), ref: 013E48CC
                                                                                                                                • BN_num_bits.ADB(?), ref: 013E48F4
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?), ref: 013E4999
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: X_getmemcpy$L_reallocN_num_bits
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000143,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94BF
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000085,external/boringssl/src/crypto/fipsmodule/ec/scalar.c,0000001C,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F94D7
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F95B4
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00000000,?,013F907F,?,?,?), ref: 013F95CB
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013F94B4, 013F9597
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/scalar.c, xrefs: 013F94C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$memcpymemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c$external/boringssl/src/crypto/fipsmodule/ec/scalar.c
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F2E02
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000088), ref: 013F2E11
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F2E29
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000000,?), ref: 013F2E46
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,0000006C,external/boringssl/src/crypto/fipsmodule/cipher/cipher.c,00000065), ref: 013F2E80
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/cipher.c, xrefs: 013F2E75, 013F2E98
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$L_freeL_mallocR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/cipher.c
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E0A00
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 013E0A6C
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E0AB9
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E0AAE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormallocmemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 3537532488-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F75ED
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013F75FD
                                                                                                                                • OPENSSL_cleanse.ADB(?,?), ref: 013F7649
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 013F766C
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F7679
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 013F7661
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_cleanseL_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 3312742639-820803757
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E0123
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E019F
                                                                                                                                  • Part of subcall function 013DF4E0: ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E017A
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E01B6
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E01CE
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E0194
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeR_put_error$L_mallocmallocmemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 28858965-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E3075
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E3107
                                                                                                                                  • Part of subcall function 013E3120: OPENSSL_realloc.ADB(00000000,?), ref: 013E316A
                                                                                                                                  • Part of subcall function 013E3120: BN_CTX_get.ADB(?), ref: 013E31AB
                                                                                                                                  • Part of subcall function 013E3120: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E320F
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013E30DC
                                                                                                                                  • Part of subcall function 01424610: OPENSSL_free.ADB(?,?,?,?,?,013E158A,?,014125E0,?), ref: 0142464D
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E30E7
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E30F0
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E30FC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_mallocL_reallocR_put_errorX_getmallocmemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 1569393809-589256770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,00000000,?), ref: 013FD1AB
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000072,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,0000010A,00000000,00000000,?,013FD0DD,00000000,?), ref: 013FD1D8
                                                                                                                                • EC_GROUP_free.ADB(?,00000000,00000000,?,013FD0DD,00000000,?), ref: 013FD1ED
                                                                                                                                • OPENSSL_free.ADB(?,?), ref: 013FD1F6
                                                                                                                                • EC_POINT_dup.ADB(00000000,?,00000000,00000000,?,013FD0DD,00000000,?), ref: 013FD201
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeP_cmpP_freeR_put_errorT_dup
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 1965328866-3769350328
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E41E4
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E4272
                                                                                                                                  • Part of subcall function 013E3120: OPENSSL_realloc.ADB(00000000,?), ref: 013E316A
                                                                                                                                  • Part of subcall function 013E3120: BN_CTX_get.ADB(?), ref: 013E31AB
                                                                                                                                  • Part of subcall function 013E3120: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?), ref: 013E320F
                                                                                                                                • sk_pop_free_ex.ADB(00000000,014125E0,?), ref: 013E4247
                                                                                                                                  • Part of subcall function 01424610: OPENSSL_free.ADB(?,?,?,?,?,013E158A,?,014125E0,?), ref: 0142464D
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013E4252
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013E425B
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E4267
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_mallocL_reallocR_put_errorX_getmallocmemcpysk_pop_free_ex
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 1569393809-589256770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?,?), ref: 013FABB2
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002CA), ref: 013FABCE
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,00000000,00000044), ref: 013FABED
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FABFF
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000044), ref: 013FAC17
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FABC3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$ErrorL_freeLastO_get_thread_localP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2827172248-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000030), ref: 013E5849
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • BN_MONT_CTX_free.ADB(00000000), ref: 013E59DD
                                                                                                                                  • Part of subcall function 013EB8D0: ERR_put_error.ADB(00000003,00000000,00000069,external/boringssl/src/crypto/fipsmodule/bn/montgomery.c,000000A5), ref: 013EB983
                                                                                                                                  • Part of subcall function 013EBB40: BN_num_bits.ADB(?,-00000014,00000000,00000000,?,?,013E58DF,00000000,?,-00000014,?), ref: 013EBB5B
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000066,external/boringssl/src/crypto/fipsmodule/bn/bn.c,000001A0), ref: 013E599C
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013E59CB
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E5991
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$L_mallocN_num_bitsX_freemallocmemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 309076968-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E08F1
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E09C4
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E09B9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 2531206346-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • BN_CTX_get.ADB(?), ref: 013E98E0
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006D,external/boringssl/src/crypto/fipsmodule/bn/mul.c,00000284), ref: 013E9914
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/mul.c, xrefs: 013E9909
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_errorX_get
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/mul.c
                                                                                                                                • API String ID: 1566580886-1069320938
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?,?,?,?,?,013DFCF4,?,?), ref: 013DF51E
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,?), ref: 013DF53B
                                                                                                                                • OPENSSL_free.ADB(?,?), ref: 013DF546
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000167,?,?,?,?,013DFCF4,?,?), ref: 013DF574
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$ErrorL_mallocLastO_get_thread_localR_put_errormemcpy
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 1142297103-2228489102
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC592
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC5A8
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?,?,?,?,013F7B19,?,?), ref: 013F8328
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?), ref: 013F833C
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC5BF
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,0000033E), ref: 013FC5DB
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC5D0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: P_cmp$N_cmp$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 4157703716-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?,?,00000000,?,00000000,01400C63,?,?,?,?,?), ref: 01400DA5
                                                                                                                                • BN_ucmp.ADB(?,?,?,?,?,?,00000000,?,00000000,01400C63,?,?,?,?,?), ref: 01400DD4
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006B,external/boringssl/src/crypto/fipsmodule/ec/oct.c,000000F1,?,?,?,?,00000000,?,00000000,01400C63,?,?,?), ref: 01400DF0
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/oct.c, xrefs: 01400DE5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_ucmpP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/oct.c
                                                                                                                                • API String ID: 2336030324-1227443160
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ASN1_item_i2d.ADB(?,?,?,?,?,?,?), ref: 01531547
                                                                                                                                • ASN1_item_d2i.ADB(00000000,?,00000000,?), ref: 01531563
                                                                                                                                • OPENSSL_free.ADB ref: 01531570
                                                                                                                                • ERR_put_error.ADB(0000000C,00000000,00000041,external/boringssl/src/crypto/asn1/a_dup.c,00000050), ref: 01531587
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/asn1/a_dup.c, xrefs: 0153157C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeN1_item_d2iN1_item_i2dR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/asn1/a_dup.c
                                                                                                                                • API String ID: 2100792418-342876411
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_new_method.ADB(00000000), ref: 013FCF33
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_malloc.ADB(00000024,?,?,013FCE37,00000000), ref: 013FCE44
                                                                                                                                  • Part of subcall function 013FCE40: ENGINE_get_ECDSA_method.ADB(?,?,?,?,?,?,?,?,00000000), ref: 013FCE9F
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_new_ex_data.ADB(-00000020,?,?,?,?,?,?,?,00000000), ref: 013FCEC9
                                                                                                                                  • Part of subcall function 013FCE40: CRYPTO_free_ex_data.ADB(017287C4,00000000,-00000020), ref: 013FCEF0
                                                                                                                                  • Part of subcall function 013FCE40: OPENSSL_free.ADB(00000000), ref: 013FCF09
                                                                                                                                • EC_GROUP_new_by_curve_name.ADB(?), ref: 013FCF45
                                                                                                                                  • Part of subcall function 013FAC50: CRYPTO_once.ADB(01742A2C,013FA4A0), ref: 013FAC65
                                                                                                                                • EC_KEY_free.ADB(00000000), ref: 013FCF54
                                                                                                                                  • Part of subcall function 013FCF80: CRYPTO_refcount_dec_and_test_zero.ADB(00000000,00000000,?,013FCF59,00000000), ref: 013FCF92
                                                                                                                                  • Part of subcall function 013FCF80: EC_GROUP_free.ADB(?,00000000), ref: 013FCFC0
                                                                                                                                  • Part of subcall function 013FCF80: EC_GROUP_free.ADB(?,?,00000000), ref: 013FCFD1
                                                                                                                                  • Part of subcall function 013FCF80: OPENSSL_free.ADB(?,?,?,00000000), ref: 013FCFDA
                                                                                                                                  • Part of subcall function 013FCF80: OPENSSL_free.ADB(?,?,00000000), ref: 013FCFE5
                                                                                                                                  • Part of subcall function 013FCF80: OPENSSL_free.ADB(00000000,?,?,00000000), ref: 013FCFFD
                                                                                                                                  • Part of subcall function 013FCF80: CRYPTO_free_ex_data.ADB(017287C4,?,?,?,?,00000000), ref: 013FD02A
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,00000041,external/boringssl/src/crypto/fipsmodule/ec/ec_key.c,00000090), ref: 013FCF6E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec_key.c, xrefs: 013FCF63
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$O_free_ex_dataP_free$A_methodE_get_L_mallocO_new_ex_dataO_onceO_refcount_dec_and_test_zeroP_new_by_curve_nameR_put_errorY_freeY_new_method
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec_key.c
                                                                                                                                • API String ID: 1244602853-3769350328
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 012F01A7
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000030), ref: 012F01CB
                                                                                                                                • EVP_EncodeBlock.ADB(?,?,00000030), ref: 012F01E7
                                                                                                                                • EVP_EncodeBlock.ADB(?,?,00000030), ref: 012F0226
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?), ref: 012F0265
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$BlockEncode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1702346251-0
                                                                                                                                • Opcode ID: 09a229425d137a6f936e6eb5fb7a0fc25584df90474494a48eed7db258bb0a40
                                                                                                                                • Instruction ID: 380c77c63d86c46aee435c961e419032945c3da0de6a875bb05db147512c4e9c
                                                                                                                                • Opcode Fuzzy Hash: 09a229425d137a6f936e6eb5fb7a0fc25584df90474494a48eed7db258bb0a40
                                                                                                                                • Instruction Fuzzy Hash: 3231B3796142058BD3148F58C884A2BF7EAEFD8354F19853CEA4987346E770D9048BA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6afa40ae3d2940de3bdb14403b9487a1496604e26048d9f4f1778ccb22173d5b
                                                                                                                                • Instruction ID: bfa9238d90e4565e1541a74e7b3cfeac044c0a5cb356876b5a888cdc884b9c18
                                                                                                                                • Opcode Fuzzy Hash: 6afa40ae3d2940de3bdb14403b9487a1496604e26048d9f4f1778ccb22173d5b
                                                                                                                                • Instruction Fuzzy Hash: F1419EB1D043929BEB208F18C8457ABB7E4BBD9368F04462DF9C496681E7B1D944C792
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 013DD5A4
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013DD5C8
                                                                                                                                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?), ref: 013DD5EE
                                                                                                                                • AES_wrap_key.ADB(?,?,?,00000000,?), ref: 013DD603
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013DD60E
                                                                                                                                Similarity
                                                                                                                                • API ID: memcpy$L_freeL_mallocS_wrap_key
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3489752937-0
                                                                                                                                • Opcode ID: a2d19c59832ba6f6eea4e501e44715420b80fa215f9c524dcabfad29424a143c
                                                                                                                                • Instruction ID: d5f26c702447004ab66988baedf3e144a1e8b299cbbd32c58160b69cb7c2e04b
                                                                                                                                • Opcode Fuzzy Hash: a2d19c59832ba6f6eea4e501e44715420b80fa215f9c524dcabfad29424a143c
                                                                                                                                • Instruction Fuzzy Hash: 792197B2904305AFD3005F55EC44B5BBFE8EF9435CF85882CF4488B291E736D9548B92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32 ref: 01361218
                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 01361229
                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 01361231
                                                                                                                                • GetTickCount.KERNEL32 ref: 0136123A
                                                                                                                                • QueryPerformanceCounter.KERNEL32 ref: 01361249
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1445889803-0
                                                                                                                                • Opcode ID: 7cd2bfd97a83a1f29620feb97dd759325ec16aa6573d9caf83a7a6704e8acaf9
                                                                                                                                • Instruction ID: 70d52bc367c5d6029bc68e5e3224100df05b7de2aea8a9da1242bc943f304f4d
                                                                                                                                • Opcode Fuzzy Hash: 7cd2bfd97a83a1f29620feb97dd759325ec16aa6573d9caf83a7a6704e8acaf9
                                                                                                                                • Instruction Fuzzy Hash: CD1119B6D042188BCF209FF8E8485CEFBF4FB48664F459526D915F7204DB3269648BD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000070,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,000000A4), ref: 013F29C0
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F29D4
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F29E7
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/cipher/aead.c, xrefs: 013F29B5, 013F2A15
                                                                                                                                Similarity
                                                                                                                                • API ID: memset$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/aead.c
                                                                                                                                • API String ID: 3099655129-2050848870
                                                                                                                                • Opcode ID: 1900a286c0cfab20df9725dfce0ba6874caa1774219fd1f12458a5fe5654f401
                                                                                                                                • Instruction ID: 56ea02b8f3c91bd2f8c0e3e22f46e9d4e8fc3d00207bda5db2716935c7389736
                                                                                                                                • Opcode Fuzzy Hash: 1900a286c0cfab20df9725dfce0ba6874caa1774219fd1f12458a5fe5654f401
                                                                                                                                • Instruction Fuzzy Hash: 9C219F72604305EBEA209A19CD40F2FBBA9EFC5B88F14451DF785A7245D672EC208B63
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000067,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,0000007D), ref: 013F28C5
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?), ref: 013F28D7
                                                                                                                                • ERR_put_error.ADB(0000001E,00000000,00000073,external/boringssl/src/crypto/fipsmodule/cipher/aead.c,00000082), ref: 013F2914
                                                                                                                                Similarity
                                                                                                                                • API ID: R_put_error$memset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/cipher/aead.c
                                                                                                                                • API String ID: 3389987327-2050848870
                                                                                                                                • Opcode ID: 25b2b88a09d80d8beccfdcaa7d7bc50d3fb6af6eddbf4740c6e64a01ab55b888
                                                                                                                                • Instruction ID: 7a2d7fd0b377d3eb418bb366aac510e66b094637f8055858f88f40d6b20afc1b
                                                                                                                                • Opcode Fuzzy Hash: 25b2b88a09d80d8beccfdcaa7d7bc50d3fb6af6eddbf4740c6e64a01ab55b888
                                                                                                                                • Instruction Fuzzy Hash: CD21B472A88354FBDB606A548C01F1BBBE8AB94B08F45491CFB89372D1C2B5ED10C762
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SHA512_Update.ADB(?,?,?), ref: 013F8A5D
                                                                                                                                  • Part of subcall function 01411750: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,013F8A62,?,?,?), ref: 014117AA
                                                                                                                                • SHA512_Final.ADB(?), ref: 013F8A67
                                                                                                                                  • Part of subcall function 01411840: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,0000007F,?,?,?,013F8A6C,?), ref: 0141186E
                                                                                                                                  • Part of subcall function 01411840: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,00000070,?,?,?,013F8A6C,?), ref: 0141189B
                                                                                                                                • OPENSSL_cleanse.ADB(?,000000D8), ref: 013F8A75
                                                                                                                                Similarity
                                                                                                                                • API ID: A512_memset$FinalL_cleanseUpdatememcpy
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 278196808-4108050209
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000080,external/boringssl/src/crypto/evp/evp.c,00000147), ref: 013D2CD1
                                                                                                                                • ERR_add_error_dataf.ADB(algorithm %d,?), ref: 013D2CDF
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D2CC3
                                                                                                                                • algorithm %d, xrefs: 013D2CDA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: R_add_error_datafR_put_error
                                                                                                                                • String ID: algorithm %d$external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 3714506252-1871829391
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SHA256_Update.ADB(?,?,?), ref: 013F8873
                                                                                                                                  • Part of subcall function 014103B0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,00000040,?,?,?,?,013F8778,?,?,?), ref: 01410417
                                                                                                                                • SHA256_Final.ADB(?), ref: 013F887D
                                                                                                                                  • Part of subcall function 01410510: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,0000003F,?,?,?,013F8782,?), ref: 0141053B
                                                                                                                                  • Part of subcall function 01410510: memset.API-MS-WIN-CRT-STRING-L1-1-0(00000080,00000000,00000038,?,?,?,013F8782,?), ref: 01410564
                                                                                                                                • OPENSSL_cleanse.ADB(?,00000070), ref: 013F8888
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A256_memset$FinalL_cleanseUpdatememcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2490142882-3916222277
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC1F1
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FC207
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?,?,?,?,013F7B19,?,?), ref: 013F8328
                                                                                                                                  • Part of subcall function 013F82E0: BN_cmp.ADB(?,?,?,?), ref: 013F833C
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,00000301), ref: 013FC223
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FC218
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_cmpP_cmp$R_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2289754691-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F74AD
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013F74BE
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 013F74E9
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 013F74DE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 1427993062-820803757
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(?), ref: 013F7432
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • OPENSSL_free.ADB(?), ref: 013F7443
                                                                                                                                • ERR_put_error.ADB(0000001D,00000000,00000041,external/boringssl/src/crypto/fipsmodule/digest/digest.c,000000C2), ref: 013F746E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/digest/digest.c, xrefs: 013F7463
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_freeL_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/digest/digest.c
                                                                                                                                • API String ID: 1427993062-820803757
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FBB6E
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002E5), ref: 013FBB8A
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,000000CC), ref: 013FBBA1
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FBB7F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp Download File
                                                                                                                                • Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp Download File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorL_freeLastO_get_thread_localP_cmpR_put_errormemset
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 3780405206-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,015329CA,00000000), ref: 0157C9E1
                                                                                                                                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0157CA17
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: realloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 471065373-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: N_divN_dup
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1624833734-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_POINT_point2oct.ADB(?,?,?,00000000,00000000), ref: 013FD8E9
                                                                                                                                  • Part of subcall function 013FD940: EC_GROUP_cmp.ADB(00000000,?), ref: 013FD95B
                                                                                                                                  • Part of subcall function 013FD940: ERR_put_error.ADB(0000000F,00000000,00000077,external/boringssl/src/crypto/fipsmodule/ec/oct.c,00000057), ref: 013FD977
                                                                                                                                • OPENSSL_malloc.ADB(00000000), ref: 013FD8F8
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • EC_POINT_point2oct.ADB(?,?,?,00000000,00000000), ref: 013FD915
                                                                                                                                  • Part of subcall function 013FD940: BN_num_bits.ADB(-00000024), ref: 013FDA2D
                                                                                                                                • OPENSSL_free.ADB(00000000), ref: 013FD92C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: T_point2oct$L_freeL_mallocN_num_bitsP_cmpR_put_errormalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 566259014-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(?,00000000,?,014027E7,?), ref: 01402C7C
                                                                                                                                • OPENSSL_free.ADB(?,?), ref: 01402CB4
                                                                                                                                • OPENSSL_free.ADB(?,?,?), ref: 01402CEC
                                                                                                                                • OPENSSL_cleanse.ADB(?,00000034,?,?,?), ref: 01402D21
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free$L_cleanse
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 512131043-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(?,00000000,?,013F8D40,00000000), ref: 013F8D69
                                                                                                                                • OPENSSL_free.ADB(?,00000000,?,013F8D40,00000000), ref: 013F8D84
                                                                                                                                • OPENSSL_free.ADB(00000000,00000000,?,013F8D40,00000000), ref: 013F8D9C
                                                                                                                                • OPENSSL_free.ADB(00000000,00000000,?,013F8D40,00000000), ref: 013F8DB4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_free.ADB(013E580E,?,013E580E,00000000), ref: 013E5C82
                                                                                                                                • OPENSSL_free.ADB(013E580E,?,013E580E,00000000), ref: 013E5C9C
                                                                                                                                • OPENSSL_free.ADB(518D0446,00000000), ref: 013E5CAE
                                                                                                                                • OPENSSL_free.ADB(013E57FA,00000000), ref: 013E5CCD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 527510906-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0157BD05
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: abort
                                                                                                                                • String ID: '$Error cleaning up spin_keys for thread
                                                                                                                                • API String ID: 4206212132-3781916767
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_GROUP_cmp.ADB(?,?), ref: 013FBD40
                                                                                                                                • ERR_put_error.ADB(0000000F,00000000,0000006A,external/boringssl/src/crypto/fipsmodule/ec/ec.c,000002F7), ref: 013FBD5C
                                                                                                                                  • Part of subcall function 01420FF0: CRYPTO_get_thread_local.ADB(00000000,?,?,?,?,013D294C,00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 01420FF6
                                                                                                                                  • Part of subcall function 01420FF0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00000054), ref: 01421019
                                                                                                                                  • Part of subcall function 01420FF0: OPENSSL_free.ADB(?,?,?,?,?,?,?,?,00000054), ref: 0142104E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/ec/ec.c, xrefs: 013FBD51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorL_freeLastO_get_thread_localP_cmpR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/ec/ec.c
                                                                                                                                • API String ID: 2949237876-1759677748
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RSA_up_ref.ADB(?), ref: 013D2D33
                                                                                                                                  • Part of subcall function 01409CB0: CRYPTO_refcount_inc.ADB(?,013D2BC0,?), ref: 01409CB8
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000006B,external/boringssl/src/crypto/evp/evp.c,000000ED), ref: 013D2D4D
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D2D42
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: A_up_refO_refcount_incR_put_error
                                                                                                                                • String ID: external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 126871076-3933497650
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • EC_KEY_up_ref.ADB(?), ref: 013D2F76
                                                                                                                                  • Part of subcall function 013FD380: CRYPTO_refcount_inc.ADB(?,013D2ED0,?), ref: 013FD388
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,0000006A,external/boringssl/src/crypto/evp/evp.c,00000125), ref: 013D2F90
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D2F85
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: O_refcount_incR_put_errorY_up_ref
                                                                                                                                • String ID: external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 1874503136-3933497650
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000018), ref: 013E1522
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/ctx.c,0000006F), ref: 013E1565
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/ctx.c, xrefs: 013E155A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/ctx.c
                                                                                                                                • API String ID: 2531206346-589256770
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000014), ref: 013E0012
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000003,00000000,00000041,external/boringssl/src/crypto/fipsmodule/bn/bn.c,00000049), ref: 013E004E
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/fipsmodule/bn/bn.c, xrefs: 013E0043
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/fipsmodule/bn/bn.c
                                                                                                                                • API String ID: 2531206346-2228489102
                                                                                                                                • Opcode ID: 2760dcb5e785280fc0029f890af94221743840c95d5db9b5692f4ae9a48d195f
                                                                                                                                • Instruction ID: 3b527c61949f9cb5cc8cdfa03cbf462b41a37d08253e6aa7e2261f01b85fc8c5
                                                                                                                                • Opcode Fuzzy Hash: 2760dcb5e785280fc0029f890af94221743840c95d5db9b5692f4ae9a48d195f
                                                                                                                                • Instruction Fuzzy Hash: 3DE0ECF46803015EF7505F11DC2AF427AD06B20B08F8A80A8E6095F2E2E7FAC5858B95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • OPENSSL_malloc.ADB(00000010), ref: 013D2912
                                                                                                                                  • Part of subcall function 01425D90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,013D2917,00000010), ref: 01425DA1
                                                                                                                                • ERR_put_error.ADB(00000006,00000000,00000041,external/boringssl/src/crypto/evp/evp.c,00000054), ref: 013D2947
                                                                                                                                Strings
                                                                                                                                • external/boringssl/src/crypto/evp/evp.c, xrefs: 013D293C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: L_mallocR_put_errormalloc
                                                                                                                                • String ID: external/boringssl/src/crypto/evp/evp.c
                                                                                                                                • API String ID: 2531206346-3933497650
                                                                                                                                • Opcode ID: b3043ab194d6b1ec523a87ee4eb80c99a0e43091a19cc841a1719fe7e4457932
                                                                                                                                • Instruction ID: a9452e2a6fa1ea97ac00b4f5746f618d2892613189edb43790056a97990b0b24
                                                                                                                                • Opcode Fuzzy Hash: b3043ab194d6b1ec523a87ee4eb80c99a0e43091a19cc841a1719fe7e4457932
                                                                                                                                • Instruction Fuzzy Hash: 63E012F16803015AF7502B119C1AF4339D06B20B09F89C0A4E6095F1E2E7FAD095CA51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0157BA43
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0157BA5B
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 0157BA73
                                                                                                                                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 0157BA8E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000027.00000002.1403857411.0000000001251000.00000020.00020000.sdmp, Offset: 01250000, based on PE: true
                                                                                                                                • Associated: 00000027.00000002.1403838584.0000000001250000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1405372999.0000000001606000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406050531.00000000016F0000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406062576.00000000016F1000.00000008.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406121427.0000000001728000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406137605.0000000001741000.00000004.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406155594.0000000001746000.00000002.00020000.sdmp
                                                                                                                                • Associated: 00000027.00000002.1406177546.000000000174A000.00000002.00020000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_39_2_1250000_adb.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2717317152-0
                                                                                                                                • Opcode ID: e0a1aa691d5cbbd2528a966e6af301b5f7b16445bac6b0901c818ffc089173e7
                                                                                                                                • Instruction ID: 12d8e532b44e60e8a0c6a350a251129e44507097c0b69ff5f14ce83e43b7baed
                                                                                                                                • Opcode Fuzzy Hash: e0a1aa691d5cbbd2528a966e6af301b5f7b16445bac6b0901c818ffc089173e7
                                                                                                                                • Instruction Fuzzy Hash: C831AD787043059FDB10EF29E185A697BE4BF08295F458869F888CF751E770EA80CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%